(54) Information transmission, reception and recording



(57) An information processing apparatus and an in- 
formation processing method are capable of preventing 
information from being copied illegally. 

A hash function and a service key are stored in ad- 
vance in an EEPROM of a DVD player serving as a 
source. In an EEPROM of a personal computer (PC) 
serving as a sink, its ID and a license key are stored 
beforehand. The DVD player requests the PC to trans- 
mit the ID. The DVD player then applies the hash func- 
tion to data resulting from concatenation of the ID with 



the service key to generate a license key (= hash (ID ||
service_key)). Subsequently, the DVD player generates 
a source side common session key and encrypts the 
session key by using the generated license key. Then, 
the DVD player transmits the encrypted source side 
common session key to the PC. The PC decrypts the 
encrypted source side common session key by using 
the license key stored in its EEPROM to produce a sink 
side common session key which has a value equal to 
that of the source side common session key. 
EP 0 874 300 A2

Description 



The present invention relates to an information transmission apparatus and method, an information reception
apparatus and method, and a recording medium. Illustrative embodiments of the invention relate to such method and
a recording medium that allow data to be exchanged with a higher degree of security.

In recent years, there has been proposed a system comprising pieces of electronic equipment such as AV apparatuses
and personal computers connected to each other by typically IEEE 1394 serial buses wherein data can be
exchanged among the pieces of equipment.

In such a system, for example, an ordinary user can play back movie information by using a DVD (Digital Video
Disc) player and transmit the movie information to a monitor through the 1394 serial bus to display it on the monitor.
The conduct done by the user to display the movie information is automatically permitted by the author of the movie

; n n oZ :r lth r h a ,ic r se which was ° btained when the — p»«*«- *» ^ w^rST 

In order to do a conduct to copy the movie information played back from the DVD player to another recording medium
such as an optical magnetic disc, however, it is necessary for the user to obtain a special permission from the author
of the movie information. In the case of a copy license, the optical magnetic disc apparatus is also used to
store a key for indicating whether or not recording movie information into an optical magnetic disc mounted on the
apparatus is permitted. That is to say, the key is used for forming a judgment as to whether or not the optical magnetic
disc apparatus is a valid apparatus, that is, an apparatus licensed by the author of the movie information. If the optical
magnetic disc apparatus is authenticated as a valid apparatus, the act to record the movie information into the apparatus
can be judged to be a permitted conduct.

In such a case, it is necessary to verify that the destination apparatus is a valid apparatus in a transfer of information
from an apparatus transmitting the information to an apparatus receiving the information, that is, the destination
apparatus. It should be noted that the information transmitting apparatus and the information receiving apparatus are
referred to hereafter as a source and a sink respectively.

Fig. 41 is a diagram showing the ordinary method for authenticating a destination apparatus. As shown in the
figure, the source and the sink are each given a predetermined function f in advance by the author. Stored in a memory
of each of the source and sink, the function f is difficult to identify from its input and output. In addition, it is difficult
for a person who does not know the function f to infer an output produced by the function f from an input to the function
f. The function f is provided to and stored in only an apparatus licensed by the author.

The source generates a random number r and transmits the number r to the sink through a 1394 serial bus. The
source also applies the function f to the random number r, generating a number x (= f(r)).

Receiving the random number r, the sink applies the function f to the random number r, generating
a number y (= f(r)). The sink then transmits the number y to the source.

The source compares the calculated number x with the number y received from the sink to form a judgment as to
whether or not the former is equal to the latter (x = y). If the number x is found equal to the number y, the source judges
the sink to be a valid apparatus. In this case, the movie information is encrypted by using a predetermined key before
being transmitted to the sink.

As the key, a value k generated by applying the function f to the number y received by the source from the sink
is used (k = f(y)). By the same token, the sink also applies the function f to the number y to generate the value k (=
f(y)). The value k is then, on the contrary, used as a key for decrypting the encrypted movie information.

In this method, however, it is necessary for all pieces of electronic equipment used as sources and sinks for
transmitting and receiving information respectively to hold a uniform function f in strict confidence.

As a result, when the function f held in a piece of electronic equipment is stolen by an unauthorized user, for example, the
unauthorized user is capable of generating a key k by monitoring data exchanged by way of a 1394 serial bus and,
hence, interpreting or decrypting encrypted data. In this way, the unauthorized user is capable of
stealing information by posing as an authorised user using a desired piece of electronic equipment.

Aspects of the invention are specified in the claims to which attention is invited.

Embodiments of the invention described by way of example hereinafter seek to further improve security
of transmitted information by preventing an unauthorised user from posing as an authorised user using a desired piece
of electronic equipment even if data required for encrypting or decrypting the information is stolen by the unauthorized
user.

The present invention will become more apparent and will hence be more readily appreciated as the same becomes
better understood from a study of the following illustrative description of some preferred embodiments with reference
to accompanying diagrams in which:

Figure 1 is a block diagram showing a typical configuration of an information processing system to which an embodiment of the present invention is applied;
Fig. 2 is a block diagram showing detailed typical configurations of a DVD player 1, a personal computer 2 and an optical magnetic disc apparatus 3 in the information processing system shown in Fig. 1;
Fig. 3 is an explanatory diagram used for describing authentication processing;
Fig. 4 is a diagram showing an embodiment implementing an authentication procedure for carrying out the authenticating processing shown in Fig. 3;
Fig. 5 is a diagram showing the format of a node unique ID;
Fig. 6 is a diagram showing another embodiment implementing the authentication procedure;
Fig. 7 is a diagram showing a further embodiment implementing the authentication procedure;
Fig. 8 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 9 is a diagram showing still another embodiment implementing the authentication procedure;
Fig. 10 is a block diagram showing an embodiment implementing an information processing system to which an embodiment of the present invention is applied wherein a source transmits encrypted data to a plurality of sinks;
Fig. 11 is a block diagram showing a typical configuration of a 1394 interface unit 26 employed in a DVD player 1 serving as the source in the system shown in Fig. 10;
Fig. 12 is a block diagram showing a typical detailed configuration of the 1394 interface unit 26 shown in Fig. 11;
Fig. 13 is a block diagram showing a typical detailed configuration of an LFSR 72 employed in the 1394 interface unit 26 shown in Fig. 12;
Fig. 14 is a block diagram showing a more concrete configuration of the LFSR 72 shown in Fig. 13;
Fig. 15 is a block diagram showing a typical configuration of a 1394 interface unit 36 employed in an optical magnetic disc apparatus 3 serving as a sink in the system shown in Fig. 10;
Fig. 16 is a block diagram showing a typical detailed configuration of the 1394 interface unit 36 shown in Fig. 15;
Fig. 17 is a block diagram showing a typical configuration of a 1394 interface unit 49 employed in a personal computer 2 serving as another sink in the system shown in Fig. 10;
Fig. 18 is a block diagram showing a typical detailed configuration of the 1394 interface unit 49 shown in Fig. 17;
Fig. 19 is a block diagram showing a typical configuration of an application module 61 employed in the personal computer 2 serving as the other sink in the system shown in Fig. 10;
Fig. 20 is a block diagram showing a typical detailed configuration of the application module 61 shown in Fig. 19;
Fig. 21 is a block diagram showing another typical detailed configuration of the 1394 interface unit 26 employed in the DVD player 1 serving as the source in the system shown in Fig. 10;
Fig. 22 is a block diagram showing another typical detailed configuration of the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3 serving as the sink in the system shown in Fig. 10;
Fig. 23 is a block diagram showing another typical detailed configuration of the 1394 interface unit 49 employed in the personal computer 2 serving as the other sink in the system shown in Fig. 10;
Fig. 24 is a block diagram showing another typical configuration of the application module 61 employed in the personal computer 2 serving as the other sink in the system shown in Fig. 10;
Fig. 25 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 26 is a diagram showing a continuation procedure to the authentication procedure shown in Fig. 25;
Fig. 27 is a diagram showing an alternative continuation procedure to the authentication procedure shown in Fig. 25;
Fig. 28 is a block diagram showing the configuration of another embodiment implementing an information processing system to which an embodiment of the present invention is applied wherein a source transmits encrypted data to a sink;
Fig. 29 is a block diagram showing a random number generator 903 or 914 employed in the source or the sink respectively in the system shown in Fig. 28;
Fig. 30 shows a flowchart representing operations carried out by a processing circuit 902 or 913 employed in the source or the sink respectively in the system shown in Fig. 28;
Fig. 31 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 32 is a diagram showing the format of a packet;
Fig. 33 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 34 is a block diagram showing a typical configuration of a CBC mode;
Fig. 35 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 36 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 37 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 38 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 39 is a diagram showing a still further embodiment implementing the authentication procedure;
Fig. 40 is a diagram showing a still further embodiment implementing the authentication procedure; and
Fig. 41 is a diagram showing the ordinary authentication procedure.

Fig. 1 is a block diagram showing a typical configuration of an information processing system to which an embodiment
of the present invention is applied. As shown in the figure, in the configuration, a DVD player 1, a personal
computer 2, an optical magnetic disc apparatus 3, a data broadcasting/receiving apparatus 4, a monitor 5 and a
television receiver 6 are connected to each other by an IEEE1394 serial bus 11.

Fig. 2 is a block diagram showing detailed typical configurations of the DVD player 1, the personal computer 2 and
the optical magnetic disc apparatus 3 in the information processing system shown in Fig. 1. The DVD player 1 comprises
a CPU 21, a ROM unit 22, a RAM unit 23, an operation unit 24, a drive 25, a 1394 interface unit 26 and an EEPROM
unit 27 which are connected to each other by an internal bus 28. As shown in the figure, the DVD player 1 is connected
to the 1394 serial bus 11 through a 1394 interface unit 26. The CPU 21 carries out various kinds of processing by
execution of a program stored in the ROM unit 22. The RAM unit 23 is used for properly storing information such as
data and the program which are required by the CPU 21 in carrying out the processing. The operation unit 24 comprises
components such as buttons, switches and a remote controller. When the user operates the operation unit 24, a signal
representing the operation is generated. The driver 25 drives a DVD which is not shown in the figure, playing back
data recorded on the DVD. The EEPROM unit 27 is used for storing information which needs to be stored even after
the power supply of the DVD player 1 is turned off. In the case of the present embodiment, an example of such
information is an encryption/decryption key. The internal bus 28 is used for connecting the CPU 21, the ROM unit 22, the
RAM unit 23, the operation unit 24, the drive 25, the 1394 interface unit 26 and the EEPROM unit 27 to each other.

Much like the DVD player 1, the optical magnetic disc apparatus 3 comprises a CPU 31, a ROM unit 32, a RAM
unit 33, an operation unit 34, a drive 35, a 1394 interface unit 36 and an EEPROM unit 37 which are connected to each
other by an internal bus 38. Since the CPU 31 to the internal bus 38 have the same functions of the CPU 21 to the
internal bus 28 employed in the DVD player 1 respectively, their explanation is not repeated. The only exception is that
the driver 35 drives an optical magnetic disc which is not shown in the figure instead of a DVD. The driver 35 records
and plays back data into and from the optical magnetic disc.
In addition to a CPU 41, a ROM unit 42, a RAM unit 43, a 1394 interface unit 49 and an EEPROM unit 50 which
are connected to each other by an internal bus 51, the personal computer 2 also includes an input/output interface unit
44, a keyboard 45, a mouse 46, an HDD (Hard Disc Drive) 47 and an expansion board 48. The personal computer 2
is connected to the 1394 serial bus 11 through the 1394 interface unit 49. The CPU 41 carries out various kinds of
processing by execution of a program stored in the ROM unit 42. The RAM unit 43 is used for properly storing information
such as data and the program which are required by the CPU 41 in carrying out the processing. Connected to the
internal bus 51, the input/output interface unit 44 serves as an interface between the CPU 41 and the keyboard 45,
the mouse 46, the HDD 47 and the expansion board 48. The input/output interface unit 44 passes on signals input
from the keyboard 45 and the mouse 46 connected to the interface unit 44 to the CPU 41 by way of the internal bus
51. Connected to the HDD 47, the input/output interface unit 44 allows data and a program coming from the internal
bus 51 to be stored into the HDD 47 and, on the contrary, data and a program stored in the HDD 47 to be read out and
forwarded to the internal bus 51. The expansion board 48 is connected to the input/output interface unit 44 if needed,
allowing necessary functions to be added to the personal computer 2. The EEPROM unit 50 is used for storing information
which needs to be stored even after the power supply of the personal computer 2 is turned off. In the case of
the present embodiment, an example of such information is a variety of encryption/decryption keys. The internal bus
51 is typically implemented by a PCI (Peripheral Component Interconnect) bus for connecting the CPU 41,
the ROM unit 42, the RAM unit 43, the 1394 interface unit 49, the EEPROM unit 50 and the input/output interface unit
44 to each other.

The internal bus 51 is designed in an architecture open to the user through the input/output
interface unit 44. That is to say, the user is allowed to connect an additional board as an expansion board 48 to the
input/output interface unit 44 if required, and to write a custom program for the additional board to be installed in the
personal computer 2. The CPU 41 then executes the custom program, properly exchanging data with the expansion
board 48 by way of the internal bus 51 in order to implement a desired function.

In the case of a consumer electronic (CE) apparatus such as the DVD player 1 and the optical magnetic disc
apparatus 3, on the contrary, their internal buses 28 and 38 are not designed in an architecture open to the user. Thus,

M i." ZeXeTsTe^ aCqUir,n9 "** * *** * ' n,ema ' ^ 28 " 38 Unl6SS imema ' bUS 28 " 

The following is a description of processing of authentication of a sink carried out by a source with reference to
Figs. 3 and 4. Fig. 3 is an explanatory diagram used for describing the authentication processing. As shown in the
figure, the processing is typically carried out by firmware 20 stored as a program in advance in the ROM unit 22
employed in the DVD player 1 serving as the source to authenticate a license manager 62 stored in the ROM unit 42
to be executed as a program by the CPU 41 employed in the personal computer 2 serving as the sink.

Fig. 4 is a diagram showing an embodiment implementing a procedure whereby the source implemented typically
by the DVD player 1 authenticates the sink implemented typically by the personal computer 2 by allowing the sink to
generate a sink side common session key having the same value as a source side common session key generated
by the source only if the sink is a valid sink. In the EEPROM unit 27 employed in the DVD player 1, a service key and
a hash function are stored in advance. The service key and the hash function are given by an author of information to
the user of the DVD player 1 who has to keep them in the EEPROM unit 27 in strict confidence.

The author provides the user with a service key for each piece of information created by the author. The service
key is used as a key common to all apparatuses connected to each other by the 1394 serial bus 11 to compose a
system. It should be noted that, in the present specification, the term system is used to imply the whole system
comprising a plurality of apparatuses.

The hash function is used for transforming an input with an arbitrary length into output data with a fixed length
such as 64 bits or 128 bits. Let the transformation be expressed by y = hash (x) where the symbol x is the input to the
hash function and the symbol y is the data output by the function. In this case, the hash function is such a complex
function that it is difficult to find the value of x from a given value of y. The hash function is such a complicated function
that it is difficult to find a pair of x1 and x2 that satisfies the equation hash (x1) = hash (x2). MD5 and SHA are each the
name of a function known as a representative one-way hash function. For details of the one-way hash function, refer
to a reference with a title "Applied Cryptography" authored by Bruce Schneier, a second edition published by Wiley.

In the personal computer 2 used as a typical sink in the example shown in Fig. 4, on the other hand, an ID unique
to the electronic apparatus, that is, the personal computer 2 in this case, and a license key provided in advance by the
author of information are stored in strict confidence in the EEPROM unit 50. This node (apparatus) unique ID is normally
assigned to the electronic apparatus by the manufacturer of electronic equipment as will be described later. The license
key is a value resulting from application of the hash function to (n + m)-bit data which is obtained by concatenating the
n-bit ID with the m-bit service key. Thus, the license key can be expressed by the following equation:

license_key = hash (ID || service_key)

where the notation "ID || service_key" represents a concatenation of the ID with the service key.

A node_unique_ID determined by specifications of the 1394 bus 11 can be typically used as an ID. Fig. 5 is a
diagram showing the format of the node unique ID. As shown in the figure, the node unique ID comprises 8 bytes (or
64 bits). The first 3 bytes are controlled by the IEEE and given by the IEEE to a manufacturer of electronic equipment
as a number unique to the manufacturer. On the other hand, the low-order 5 bytes can be assigned by the manufacturer
of electronic equipment itself to an electronic apparatus sold to the user. Typically, the value of the whole low-order
5 bytes is assigned by the electronic equipment maker to an electronic apparatus as a serial number of the apparatus.
Since the high-order 3 bytes have a value unique to the manufacturer of electronic equipment, the node_unique_ID is
unique to each electronic apparatus without regard to whether the apparatuses are produced by the same
manufacturer or different manufacturers.

As shown in Fig. 4, the procedure begins with a step S1 at which the firmware 20 in the DVD player 1 controls the
1394 interface unit 26 to make a request to the personal computer 2 for the ID thereof to be transmitted by way of the
1394 serial bus 11. Then, the procedure goes on to a step S2 at which the license manager 62 of the personal computer
2 receives the request for the ID. To put it in detail, the 1394 interface unit 49 employed in the personal computer 2
passes on the request for the ID transmitted by the DVD player 1 by way of the 1394 serial bus 11 to the CPU 41. The
procedure then proceeds to a step S3 at which the license manager 62 being executed by the CPU 41 reads out the
ID from the EEPROM unit 50 in accordance with the request forwarded thereto by the 1394 interface unit 49 and
transmits the ID to the DVD player 1 by way of the 1394 interface unit 49 and the 1394 serial bus 11.

Then, the procedure continues to a step S4 at which the 1394 interface unit 26 employed in the DVD player 1
receives the ID and passes it on to the firmware 20 being executed by the CPU 21.

Subsequently, the procedure goes on to a step S5 at which the firmware 20 concatenates the ID received from
the personal computer 2 with a service key stored in the EEPROM unit 27 to form data (ID || service_key). Then, a
license key lk is computed by applying the hash function to the data (ID || service_key) as shown in the following
equation:

lk = hash (ID || service_key)

The procedure then proceeds to a step S6 at which the firmware 20 generates a source side common session key
sk, details of which will be described later. The source side common session key sk will be used as a common session
key S by both the DVD player 1 to encrypt a clear text to be transmitted and by the personal computer 2 to decrypt an
encrypted text received from the DVD player 1.

Then, the procedure continues to a step S7 at which the firmware 20 encrypts the source side common session
key sk generated at the step S6 by using the license key lk computed at the step S5 as a key to produce an encrypted
source side common session key e in accordance with the following equation:
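
e = Enc (lk, sk)

source side common session key e on the left hand side of the equation.

Subsequently, the procedure goes on to a step S8 at which the firmware 20 transmits the encrypted source side
common session key e generated at the step S7 to the personal computer 2. To put it in detail, the encrypted source
side common session key e is transmitted by the 1394 interface unit 26 employed in the DVD player 1 to the personal
computer 2 by way of the 1394 serial bus 11. The procedure then proceeds to a step S9 at which the 1394 interface
unit 49 employed in the personal computer 2 receives the encrypted source side common session key e. Then, the
procedure proceeds to a step S10 at which the license manager 62 decrypts the encrypted source side common session
key e passed on thereto by the 1394 interface unit 49 by using the license key stored in the EEPROM unit 50 as
a key to produce a sink side common session key sk' in accordance with the following equation: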



sk' = Dec (license_key, e) 



It should be noted that the expression Dec (A, B) on the right hand side of the equation represents a
common session key encryption/decryption technique whereby data B is decrypted by using a
key A to produce a sink side common session key sk' on the left hand side of the equation.

sssss^T^rr 6 ,n ,he 

second edition of the reference with the title "Applied Cryptography" cited above.

The license key provided by the author of information and stored in the EEPROM unit * .u 



lk = license_key



<-",r.:ec;=^ 



sk' = sk



eomp„, e ,2 can use ,h. sink side common session key s ^,T, Tc S el as in ,o dJT ? 

received from Ihe DVO plaver 1 As an all.,naik,= ih. nur, , , c,yp, " : ' n *•» as " ls '° decrypt an encrypled lexl 

as an encryption key b/uT LtS^T^ 0 ^ .S7b^^ 1 ? ^ 

described later. Likewise, the personal computer 2 generates a random number to be used as a decryption key by
using the sink side common session key sk' as a base as will also be described later.

As described above, the license key lk is generated at the step S5 of the procedure shown in Fig. 4 by applying
the hash function to a concatenation of an ID unique to a particular electronic apparatus

lo Ihe step sto d ,h, procedure sho»n in F,g. 4, In a ^laTS^o ZT 7 "t M 

,h. Cwo piayer , .„c wls reproduced daj'or'a ^ZZOTJ^^^ZZZ 
transmits the encrypted data or the encrypted text to the personal computer 2. Provided with a correct license key, the
personal computer 2 is capable of generating the sink side common session key sk' (Refer to the step S10 of the
procedure shown in Fig. 4). The personal computer 2 is thus capable of decrypting the encrypted playback data or the
encrypted text received from the DVD player 1 by means of the sink side common session key sk'. If the personal
computer 2 is not a licensed electronic apparatus, however, it will be impossible to generate the sink side common
session key sk' because the correct license key is not available. As a result, the unlicensed personal computer 2 is
not capable of decrypting the encrypted playback data or the encrypted text received from the DVD player 1. In other
words, only a sink capable of generating a sink side common session key sk' having the same value as the source
side common session key sk generated by the source is authenticated in the end. This is because only a particular
electronic apparatus serving as an authorized source which has a service key provided by an author for information
or a text created by the author and receives a correct ID from an authorized sink is capable of generating the correct
license key lk. By the same token, only a particular electronic apparatus serving as an authorized sink which is provided
with the correct license key by the author is capable of generating the correct sink side common session key sk' for
use as a decryption key to decrypt encrypted data or an encrypted text.

Assume that a license key granted to a personal computer 2 is stolen by any chance. In this case, nevertheless,
the stolen license key can not be used in another electronic apparatus to generate a valid sink side common session
key sk' because the other apparatus has an ID different from that assigned to the personal computer 2. Since the ID
varies from apparatus to apparatus as such, another electronic apparatus will not be capable of decrypting the
encrypted playback data or the encrypted text received from the DVD player 1 by means of the stolen license key. As a
result, the security of transmitted information can be enhanced.
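
The Fig. 4 exchange (steps S1 to S10) and the stolen-license-key case described above, as an added Python example that is not part of the patent text; it also runs a second licensed sink against the same session key. SHA-1 truncated to 128 bits stands in for the hash, the XOR keystream is a toy stand-in for Enc/Dec (neither is specified at this point of the page), and every ID, key, class and function name is constructed for illustration.

```python
import hashlib
import secrets


def license_key(node_id: bytes, service_key: bytes) -> bytes:
    """hash(ID || service_key). SHA-1 cut to 128 bits is this example's assumption."""
    return hashlib.sha1(node_id + service_key).digest()[:16]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream SHA-256(key || nonce || counter); a stand-in, not a vetted cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def enc(key: bytes, data: bytes) -> bytes:
    """Stand-in for Enc(key, data): fresh nonce || (data XOR keystream)."""
    nonce = secrets.token_bytes(8)
    stream = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))


def dec(key: bytes, blob: bytes) -> bytes:
    """Stand-in for Dec(key, e). A wrong key returns different bytes, not an error."""
    nonce, body = blob[:8], blob[8:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class Source:
    """DVD player role: stores only the service key and the hash function."""

    def __init__(self, service_key: bytes):
        self._service_key = service_key
        self.sk = secrets.token_bytes(16)            # step S6: session key sk

    def wrap_session_key(self, sink_id: bytes) -> bytes:
        lk = license_key(sink_id, self._service_key)  # step S5
        return enc(lk, self.sk)                       # step S7: e = Enc(lk, sk)


class Sink:
    """PC or disc apparatus role: stores its ID and a pre-issued license key."""

    def __init__(self, node_id: bytes, stored_license_key: bytes):
        self.node_id = node_id
        self._license_key = stored_license_key

    def report_id(self) -> bytes:                     # step S3
        return self.node_id

    def unwrap_session_key(self, e: bytes) -> bytes:  # step S10: sk' = Dec(license_key, e)
        return dec(self._license_key, e)


def handshake(source: Source, sink: Sink) -> bytes:
    sink_id = sink.report_id()            # S1 to S4: source requests and receives the ID
    e = source.wrap_session_key(sink_id)  # S5 to S8: derive lk, encrypt sk, transmit e
    return sink.unwrap_session_key(e)     # S9 to S10: sink recovers sk'


def demo() -> dict:
    service_key = secrets.token_bytes(16)        # constructed service key
    vendor = bytes.fromhex("0a0b0c")             # constructed 3-byte company part
    pc_id = vendor + (1).to_bytes(5, "big")      # 8-byte node_unique_ID layout
    disc_id = vendor + (2).to_bytes(5, "big")
    other_id = vendor + (3).to_bytes(5, "big")

    pc_key = license_key(pc_id, service_key)     # issued to the PC in advance
    source = Source(service_key)
    pc = Sink(pc_id, pc_key)
    disc = Sink(disc_id, license_key(disc_id, service_key))
    other = Sink(other_id, pc_key)               # PC's license key moved to another ID

    return {
        "pc_matches": handshake(source, pc) == source.sk,
        "disc_matches": handshake(source, disc) == source.sk,
        "stolen_key_matches": handshake(source, other) == source.sk,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The binding to the ID holds as long as each sink reports the ID held in its own EEPROM, where the page stores it alongside the license key.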

By the way, an unauthorized user may know both the encrypted source side common session key e and the source
side common session key sk by any chance for some reasons. In this case, since the encrypted source side common
session key e is a kind of text resulting from encryption of the source side common session key sk using the license
key lk, it is quite within the bounds of possibility that the unauthorized user is capable of obtaining the correct value of
the license key lk by using all values of the license key lk in the encryption of the source side common session key sk
using the license key lk to calculate the encrypted source side common session key e on a trial-and-error basis provided
that the algorithm of the encryption is disclosed.

In order to prevent an unauthorized user from launching such a kind of attack, the process to reversely derive a
license key from a known encrypted source side common session key e and a known source side common session
key sk can be made difficult by keeping the algorithm of the encryption in strict confidence, that is, by not disclosing
part or all of the encryption algorithm to the public.

By the same token, a process to reversely derive a service key from a known license key and an ID by using all
values of the service key and the known ID in a hash function to produce the known license key on a trial-and-error
basis can be made complicated by keeping the hash function in strict confidence, that is, by not disclosing part or all
of the hash function to the public.

Fig. 6 is a diagram showing another embodiment implementing an authentication procedure whereby a source
implemented typically by the DVD player 1 authenticates two sinks implemented typically by the personal computer 2
and the optical magnetic disc apparatus 3 respectively by allowing each of the sinks to generate a sink side common
session key having the same value as a source side common session key generated by the source only if the sinks
are valid sinks.

In the EEPROM unit 50 employed in the personal computer 2 serving as the first sink, ID 1, an identification
assigned in advance uniquely by a manufacturer of electronic equipment to the personal computer 2, and License Key
1, a license key provided in advance by an author of information to the computer 2 are stored. By the same token, in
the EEPROM unit 37 employed in the optical magnetic disc apparatus 3 serving as the second sink, ID 2, an ID assigned
in advance uniquely by a manufacturer of electronic equipment to the disc apparatus 3, and License Key 2, a license
key provided in advance by the author of information to the disc apparatus 3 are stored.

Since pieces of processing carried out at the steps S11 to S20 by the DVD player 1 serving as the source and the
personal computer 2 serving as the first sink are in essence the same as those of the steps S1 to S10 of the procedure
shown in Fig. 4, their explanation is not repeated.

In brief, the personal computer 2 generates a valid sink side common session key sk1' from an encrypted source
side common session key e1 received from the DVD player 1 at the step S20 as described above. The procedure then
goes on to a step S21 at which the firmware 20 in the DVD player 1 controls the 1394 interface unit 26 to make a
request to the optical magnetic disc apparatus 3 for the ID thereof to be transmitted by way of the 1394 serial bus 11.
Then, the procedure goes on to a step S22 at which firmware 30 of the optical magnetic disc apparatus 3 shown in
Fig. 10 receives the request for the ID. To put it in detail, the 1394 interface unit 36 employed in the optical magnetic
disc apparatus 3 passes on the request for the ID transmitted by the DVD player 1 by way of the 1394 serial bus 11
to the CPU 31. The procedure then proceeds to a step S23 at which the firmware being executed by the CPU 31 reads
out the identification ID2 from the EEPROM unit 37 in accordance with the request forwarded thereto by the 1394

lk2 = hash (ID2 || service_key)

Then, the procedure continues to a step S26 at which the firmware 20 encrypts the source side common session
key sk generated at the step S16 by using the license key lk2 computed at the preceding step as a key to produce an
encrypted source side common session key e2 in accordance with the following equation:

e2 = Enc (lk2, sk)

Subsequently, the procedure goes on to a step S27 at which the firmware 20 transmits the encrypted source side
common session key e2 generated at the step S26 to the optical magnetic disc apparatus 3. To put it in detail, the
encrypted source side common session key e2 is transmitted by the 1394 interface unit 26 employed in the DVD player 1
to the optical magnetic disc apparatus 3 by way of the 1394 serial bus 11.

The procedure then proceeds to a step S28 at which the 1394 interface unit 36 employed in the optical magnetic
disc apparatus 3 receives the encrypted source side common session key e2. Then, the procedure proceeds to a step S29
at which the firmware 30 decrypts the encrypted source side common session key e2 passed on thereto by the 1394
interface unit 36 by using a license key (license_key 2) stored in the EEPROM unit 37 as a key to produce a sink side
common session key sk2' in accordance with the following equation:

sk2' = Dec (license_key 2, e2)

As described above, the personal computer 2 and the optical magnetic disc apparatus 3 generate sink side
common session keys having the same value as the source side common session key sk generated by the DVD player 1 at
the step S16.

As shown in the figure, the procedure begins with a step S41 at which the DVD player 1 transmits requests to all
sinks, that is, the personal computer 2 and the optical magnetic disc apparatus 3, for the IDs thereof by broadcasting
communication. Then, the procedure goes on to steps S42 and S43 at which the personal computer 2 and the optical
magnetic disc apparatus 3 respectively receive the requests for the IDs. The procedure then proceeds to steps S44
and S45 at which the personal computer 2 and the optical magnetic disc apparatus 3 read out the identifications ID1
and ID2 from the EEPROM units 50 and 37 respectively and transmit them to the DVD player 1. Then, the procedure
continues to steps S46 and S47 at which the DVD player 1 receives the identifications ID1 and ID2 respectively.

lk1 = hash (ID1 || service_key)



Subsequently, the procedure goes on to a step S49 at which the DVD player 1 concatenates the identification ID2
with the service key to form data (ID2 || service_key). Then, a license key lk2 is computed by applying the hash
function to the data (ID2 || service_key) as shown in the following equation:

lk2 = hash (ID2 || service_key)

The procedure then proceeds to a step S50 at which the DVD player 1 generates a source side common session
key sk. Then, the procedure continues to a step S51 at which the DVD player 1 encrypts the source side common
session key sk generated at the step S50 by using the license key lk1 computed at the step S48 as a key to produce
an encrypted source side common session key e1 in accordance with the following equation:

e1 = Enc (lk1, sk)



Then, the procedure continues to a step S52 at which the DVD player 1 encrypts the source side common session
key sk generated at the step S50 by using the license key lk2 computed at the step S49 as a key to produce an
encrypted source side common session key e2 in accordance with the following equation:

e2 = Enc (lk2, sk)

The procedure then goes on to a step S53 at which the identification ID1, the encrypted source side common
session key e1, the identification ID2 and the encrypted source side common session key e2 are concatenated to
produce an encrypted source side common session key e as follows:

e = ID1 || e1 || ID2 || e2



Subsequently, the procedure goes on to a step S54 at which the DVD player 1 transmits the encrypted source
side common session key e to the personal computer 2 and the optical magnetic disc apparatus 3 by broadcasting
communication. The procedure then proceeds to steps S55 and S56 at which the personal computer 2 and the optical
magnetic disc apparatus 3 receive the encrypted source side common session key e. Then, the procedure proceeds
to steps S57 and S58 at which the personal computer 2 and the optical magnetic disc apparatus 3 decrypt the encrypted
source side common session keys e1 and e2 extracted from the encrypted source side common session key e by
using the license keys License Key 1 and License Key 2 stored in the EEPROM units 50 and 37 as keys to produce
sink side common session keys sk1' and sk2' respectively in accordance with the following equations:

sk1' = Dec (License_key 1, e1)
sk2' = Dec (License_key 2, e2)

Fig. 8 is a diagram showing an embodiment implementing a procedure of authentication processing whereby only
a valid sink will generate a sink side common session key sk' having the same value as a source side common session
key sk generated by a source in a system wherein the sink is capable of rendering a plurality of services, that is,
decrypting a plurality of kinds of information. To handle the different kinds of information, the personal computer 2
serving as the sink is provided with a plurality of license keys stored in the EEPROM unit 50 such as License_key 1,
License_key 2, License_key 3 etc. for the different kinds of information. By the same token, the DVD player 1 serving
as a source has information on a plurality of service IDs for identifying which kinds of information to be transmitted to
the sink and a plurality of service keys stored in the EEPROM unit 27 such as Service_key 1, Service_key 2, Service_key
3 etc. used for generating License_key 1, License_key 2, License_key 3 etc. respectively. Pieces of processing carried
out in the procedure shown in Fig. 8 are similar to those of the procedure shown in Fig. 4 except for the following steps.
To begin with, at a step S81, the DVD player 1 transmits a request for an ID along with a service ID for identifying a
kind of information, which is to be serviced by the personal computer 2 used as the sink, to the personal computer 2.
Then, at a step S85, a license key lk is generated by the DVD player 1 by application of the hash function to an ID
received from the personal computer 2 and one of Service_key 1, Service_key 2, Service_key 3 etc. in the EEPROM
unit 27 which is associated with the kind of information to be transmitted to the sink, that is, associated with the service
ID transmitted to the personal computer 2 at the step S81. Finally at a step S90, the personal computer 2 generates
a sink side common session key sk' from an encrypted source side common session key e received from the DVD
player 1 at a step S89 and one of License_key 1, License_key 2, License_key 3 etc. in the EEPROM unit 50 that is
associated with the service ID received from the DVD player 1 at the step S82.

Fig. 9 is a diagram showing another embodiment implementing a procedure of authentication whereby only a valid
sink will be capable of generating a sink side common session key sk' having the same value as a source side common
session key sk generated by a source. In this case, the DVD player 1 used as a source has a service key, a hash
function and a pseudo random number generating function pRNG which are stored in the EEPROM unit 27 employed
thereby. The service key, the hash function and the pseudo random number generating function pRNG are given by
an author of information and kept in strict confidence. On the other hand, stored in the EEPROM unit 50 employed in
the personal computer 2 serving as a sink are an ID assigned to the personal computer 2 by the manufacturer of
electronic equipment as well as license keys LK and LK', a confusion function G and the pseudo random number
generating function pRNG which are given by the author of the information.

The license key LK is a unique random number generated by the author whereas the license key LK' is also
generated by the author so as to satisfy the following equation:

LK' = G^-1 (R)

where R = pRNG (H) (+) pRNG (LK)
where H = hash (ID || service_key)

It should be noted that, while the symbol ^ alone denotes the power notation, the notation G^-1 means the inverse
function of the confusion function G. The value of the inverse function G^-1 can be found with ease provided that
predetermined rules are known. If the predetermined rules are not known, however, it is difficult to compute the value
of the inverse function G^-1. A function used in encryption based on a disclosed key can be utilized as this function.
In addition, the function pRNG for generating a random number can be implemented by hardware.

As shown in Fig. 9, the procedure begins with a step S101 at which the firmware 20 in the DVD player 1 makes a
request to the license manager 62 of the personal computer 2 for the ID thereof to be transmitted. Then, the procedure
goes on to a step S102 at which the license manager 62 of the personal computer 2 receives the request for the ID.
The procedure then proceeds to a step S103 at which the license manager 62 reads out the ID from the EEPROM unit
50 in accordance with the request and transmits the ID to the DVD player 1. Then, the procedure continues to a step
S104 at which the DVD player 1 receives the ID.

Subsequently, the procedure goes on to a step S105 at which the firmware 20 concatenates the ID received from
the personal computer 2 with a service key stored in the EEPROM unit 27 to form data (ID || service_key). Then, a
value H is computed by applying the hash function to the data (ID || service_key) as shown in the following equation:

H = hash (ID || service_key)

The procedure then proceeds to a step S106 at which the firmware 20 generates a source side common session
key sk. Then, the procedure continues to a step S107 at which the firmware 20 computes an encrypted source side
common session key e from the value H generated at the step S105 and the source side common session key sk
generated at the step S106 in accordance with the following equation:

e = sk (+) pRNG (H)

where the notation (+) used on the right hand side of the above equation is the operator of the operation to compute
an exclusive logical sum and, thus, an expression A (+) B represents the exclusive logical sum of A and B.

That is to say, at the step S107, the source side common session key sk generated at the step S106 is encrypted
to produce the encrypted source side common session key e by finding the exclusive logical sum of each bit of the key
sk and the corresponding bit of pRNG (H), a value obtained by applying the pseudo random number generating
function pRNG to the value H generated at the step S105.

Subsequently, the procedure goes on to a step S108 at which the firmware 20 transmits the encrypted source side
common session key e generated at the step S107 to the personal computer 2.

The procedure then proceeds to a step S109 at which the personal computer 2 receives the encrypted source side
common session key e. Then, the procedure proceeds to a step S110 at which the license manager 62 decrypts the
encrypted source side common session key e by using the license keys LK and LK' stored in the EEPROM unit 50 as
keys to produce a sink side common session key sk' in accordance with the following equation:

sk' = e (+) G (LK') (+) pRNG (LK)

That is to say, at the step S110, the encrypted source side common session key e received from the DVD player
1 is decrypted to produce the sink side common session key sk' by finding the exclusive logical sum of the encrypted
source side common session key e, G (LK'), a value obtained by applying the confusion function G stored in the
EEPROM unit 50 to the license key LK' also stored in the EEPROM unit 50, and pRNG (LK), a value obtained by
applying the pseudo random number generating function pRNG also stored in the EEPROM unit 50 to the license key
LK also stored in the EEPROM unit 50.

Much like the procedure shown in Fig. 4, the sink side common session key sk' generated by the personal computer
2 at the step S110 has the same value as the source side common session key sk generated by the DVD player 1 at
the step S6. The fact that sk = sk' is proven by the following:

sk' = e (+) G (LK') (+) pRNG (LK)

Substituting (sk (+) pRNG (H)) for e in the expression on the right hand side of the above equation yields the following
equation:

sk' = sk (+) pRNG (H) (+) G (LK') (+) pRNG (LK)

Since G (LK') = G (G^-1 (R)) = R, the following equation is obtained:

sk' = sk (+) pRNG (H) (+) R (+) pRNG (LK)

Substituting (pRNG (H) (+) pRNG (LK)) for R in the expression on the right hand side of the above equation yields the
following equation:

sk' = sk (+) pRNG (H) (+) pRNG (H) (+) pRNG (LK) (+) pRNG (LK)
    = sk



As described above, the source and sink side common session keys sk and sk' are a common key S shared by
both the DVD player 1 and the personal computer 2 serving as a source and a sink respectively. In addition, unlike the
procedures described previously, it is only an author of information who is capable of generating license keys LK and
LK'. Thus, an attempt made by a source to illegally generate the license keys LK and LK' will end in a failure. As a
result, the security of transmitted information can be further improved.
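
The key exchange of Fig. 9 and the proof that sk' = sk, as an added Python sketch (not code from the patent). SHA-256, SHAKE-128 and a toy textbook-RSA permutation are assumed stand-ins for the unspecified hash, pRNG and confusion function G (easy forward, inverse only with the author's secret); all IDs and key values are constructed.

```python
import hashlib

KEY_BYTES = 16                       # session key width used in this sketch


def hash_fn(data):                   # "hash": SHA-256 as an assumed stand-in
    return hashlib.sha256(data).digest()


def prng(seed):                      # "pRNG": SHAKE-128 expansion as an assumed stand-in
    return hashlib.shake_128(seed).digest(KEY_BYTES)


def xor(a, b):                       # the (+) operator: bitwise exclusive logical sum
    return bytes(x ^ y for x, y in zip(a, b))


# Confusion function G modelled as textbook RSA with toy, constructed parameters:
# anyone holding (N, E) can evaluate G, only the author holding D can evaluate G^-1.
P, Q = 2**127 - 1, 2**89 - 1         # two Mersenne primes, far too small for real use
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # the author's secret rule (needs Python 3.8+)


def G(lk_prime):
    # A genuine LK' maps to a value below 2^128; anything else is truncated to key width.
    return (pow(lk_prime, E, N) % (1 << (8 * KEY_BYTES))).to_bytes(KEY_BYTES, "big")


def author_issue(device_id, service_key, lk):
    """Author: LK' = G^-1(R), R = pRNG(H) (+) pRNG(LK), H = hash(ID || service_key)."""
    r = xor(prng(hash_fn(device_id + service_key)), prng(lk))
    return pow(int.from_bytes(r, "big"), D, N)


def source_wrap(device_id, service_key, sk):
    """Source, steps S105 to S107: e = sk (+) pRNG(hash(ID || service_key))."""
    return xor(sk, prng(hash_fn(device_id + service_key)))


def sink_unwrap(e, lk, lk_prime):
    """Sink, step S110: sk' = e (+) G(LK') (+) pRNG(LK)."""
    return xor(xor(e, G(lk_prime)), prng(lk))


def demo():
    service_key = b"constructed-service-key"
    sk = bytes(range(KEY_BYTES))                 # constructed session key
    lk = b"constructed-LK"
    lk_prime = author_issue(b"ID-0001", service_key, lk)
    valid = sink_unwrap(source_wrap(b"ID-0001", service_key, sk), lk, lk_prime)
    # The same LK/LK' pair presented under a different ID: pRNG(H) no longer cancels.
    other = sink_unwrap(source_wrap(b"ID-0002", service_key, sk), lk, lk_prime)
    return sk, valid, other


if __name__ == "__main__":
    sk, valid, other = demo()
    print("valid sink recovers sk:", valid == sk)
    print("pair bound to another ID recovers sk:", other == sk)
```

The source never touches LK, LK' or D: it needs only the service key, the hash and the pRNG, which is the separation of roles the passage relies on.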

In the authentication procedures described above, a source authenticates a sink by allowing the sink to generate 
a sink side common session key sk' having the same value as a source side common session key sk generated by 
the source only if the sink is a valid sink. The procedure can also be applied for example to authenticate the ordinary 
operation to load an application program in the personal computer 2 in order to prevent an application program obtained 
illegally from being executed. In this case, it is necessary to form a judgment as to whether or not execution of each 
application program is allowed by the author of the program through the same procedure as those described so far 
whereby the license manager 62 authenticates an application module 61 as shown in Fig. 3. To be more specific, in 
the authentication procedure shown in Fig. 3, the license manager 62 serves as a source whereas the application 
module 61 is used as a sink. 

After the authentication process described above has been completed, that is, after the sink has generated a sink 
side common session key sk' having the same value as a source side common session key sk generated by the source, 
data or a clear text encrypted by the source by using an encryption key is transmitted to the sink from the source. At 
the sink, the encrypted data or the encrypted text is decrypted back by using a decryption key. As described above, 
the source and sink side common session keys sk and sk' can be used as encryption and decryption keys respectively 
as they are or, as an alternative, a random number generated from the session key sk or sk' is used as an encryption 
or decryption key instead. The operation carried out by the source to encrypt data and the operation carried out by the 
sink to decrypt the encrypted data are explained as follows. 

In an electronic apparatus such as the DVD player 1 and the optical magnetic disc apparatus 3, the internal functions
key S, that is, the source side common session key sk or the sink side common session key sk' described earlier, and
a time variable key i, strictly speaking, a key i' for generating the time variable key i. The session key S and the key i'
are supplied by the firmware 20 or 30 to the 1394 interface unit 26 or 36 respectively. The session key S comprises an
initial value key Ss used as an initial value and a derangement key Si. The initial value key Ss and the derangement
key Si can be formed respectively from a predetermined number of high order bits and a predetermined number of low
order bits of the source side common session key sk or the sink side common session key sk', which has the same
value as sk, used in the process of authentication described earlier. The session key S is properly updated in each
session, for example, for each movie. On the other hand, the time variable key i, which is generated from the
derangement key Si of the session key S and the key i', is updated within a session.

Assume that movie data played back and output by the DVD player 1 serving as a source is transmitted to the
optical magnetic disc apparatus 3 and the personal computer 2 which are used as sinks by way of the 1394 serial bus
11 and decrypted by the sinks. In this case, the data is encrypted by the 1394 interface unit 26 employed in the
DVD player 1 by using the session key S and the time variable key i, strictly speaking, the key i', and the encrypted
data is decrypted back by the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3 by using the
session key S and the time variable key i, strictly speaking, the key i'.

In the personal computer 2, on the other hand, the license manager 62 supplies the initial value key Ss of the
session key S to the application module 61 and the derangement key Si of the session key S and the time variable
key i, strictly speaking, the key i' for generating the time variable key i, to the 1394 interface unit 49 serving as a link
unit. In the 1394 interface unit 49, the time variable key i is generated from the derangement key Si and the key i' and
used for decrypting the encrypted data. The data is then further decrypted by the application module 61 by
using the session key S, strictly speaking, by using the initial value key Ss of the session key S.

As described above, in the personal computer 2 having an architecture wherein the internal bus 51 is designed in
an architecture open to the user, the 1394 interface unit 49 carries out only a 1st stage of the decryption on the encrypted
data, leaving the data still in an encrypted state. Then, the application module 61 further performs a 2nd stage of the
decryption on the data decrypted by the 1394 interface unit 49 to produce the clear text. In this way, the personal
computer 2 is prohibited from copying data (that is, a clear text) transferred by way of the internal bus 51.

As described above, according to the embodiment of the present invention, in a CE apparatus with an architecture
wherein an internal bus is not open to the user, encrypted data is decrypted only once by using a session key S and
a time variable key i, strictly speaking, a key i'. In the case of a CE apparatus such as the personal computer 2 with
an architecture wherein an internal bus is open to the user, on the other hand, encrypted data is decrypted by using a
time variable key i, which is generated by using the derangement key Si of a session key S and the key i', at a 1st
stage of decryption, and then further decrypted by using the initial value key Ss of the session key S at a 2nd stage of
decryption. The 1st and 2nd stages of the decryption processing are represented by the following equation:

Dec (Ss, Dec (i, Enc (algo (S + i'), Data))) = Data

where the term algo (S + i') appearing on the left hand side of the above equation represents a value resulting from
application of a predetermined algorithm to the session key S and the time variable key i, strictly speaking, the key i',
the notation Dec appearing at the left end of the equation represents the 2nd stage of the decryption, the other Dec
notation denotes the 1st stage of decryption and the notation Enc indicates the encryption carried out by the source.

Fig. 11 is a block diagram showing a typical configuration of the 1394 interface unit 26 that satisfies the term Enc
appearing in the equation given above to represent the encryption carried out by the DVD player 1 employing the 1394
interface unit 26. As shown in the figure, the configuration comprises an additive generator 71, an LFSR (Linear Feed-
back Shift Register) 72, a shrink generator 73 and an adder 74. m-bit data generated by the additive generator 71 and
1-bit data generated by the LFSR 72 are supplied to the shrink generator 73. The shrink generator 73 selects some pieces
of m-bit data received from the additive generator 71 in accordance with the value of the 1-bit data supplied by the
LFSR 72 and outputs the selected m-bit data to the adder 74 as an encryption key. It should be noted that the m-bit
encryption key, a random number generated by the shrink generator 73, corresponds to the key (S + i') in the equation
given above. The adder 74 adds the m-bit encryption key received from the shrink generator 73 to an input clear text,
that is, m-bit data to be transmitted to the 1394 serial bus 11, to produce an encrypted text or encrypted data.

The addition carried out by the adder 74 is a mod 2^m process, where the symbol ^ is the power notation, meaning
addition of the encryption key generated by the shrink generator 73 to the clear text. In other words, the process is
addition of an m-bit key to m-bit data with a carry-over ignored.

Fig. 12 is a block diagram showing a detailed configuration of the 1394 interface unit 26 which is shown in Fig. 11
in a simple and plain manner. As shown in Fig. 12, the initial value key Ss of the session key S received from the
firmware 20 is supplied to and held in a register 82 by way of the adder 81. Typically, the initial value key Ss comprises
55 words each having a length in the range 8 to 32 bits. On the other hand, the derangement key Si of the session key
S is held in a register 85. Typically, the derangement key Si is the low order 32 bits of the session key S.

The key i' is held in a 32-bit register 84. The key i' is created in a process of accumulation of bits. To put it in detail,
each time a packet is transmitted through the 1394 serial bus 11, typically, two bits used for forming the key i' are
supplied to the register 84. The creation of the 32-bit key i' is completed as 16 packets are transmitted. At that time,
the 32-bit key i' is added to the derangement key Si held in the register 85 by an adder 86 to finally generate a time
variable key i which is supplied to the adder 81. The adder 81 adds the time variable key i output by the adder 86 to
the initial value key Ss held in the register 82, storing the result of the addition back in the register 82.

Assume that the number of bits per word in the register 82 is 8. In this case, since the time variable key i output
by the adder 86 is 32 bits in width, the time variable key i is divided into 4 portions each comprising 8 bits. Each of the
4 portions is then added to a word in the register 82 at a predetermined address, that is, at one of the addresses 0 to 54.

As described above, the initial value key Ss is held initially in the register 82. Each time 16 packets of an encrypted
text are transmitted thereafter, however, the initial value Ss is updated by adding the time variable key i thereto.

An adder 83 selects predetermined two words among the 55 words of the register 82 and adds the selected two
words to each other. With timing shown in Fig. 12, words at addresses 23 and 54 are selected by the adder 83. The
adder 83 supplies the result of the addition to the shrink generator 73 and a word in the register 82. With the timing
shown in Fig. 12, the adder 83 supplies the result of the addition to the word of the register 82 at an address 0 to
replace the data currently stored in the word.

At the next timing, the two words selected by the adder 83 are changed from the addresses 54 and 23 to addresses
53 and 22, being shifted in the upward direction shown in the figure by 1 word. By the same token, the destination of
the result of the addition output by the adder 83 is also shifted upward. Since there is no word above address 0,
however, the destination is changed from the word at address 0 to the word at address 54 at the bottom of the register 82.

It should be noted that, in each of the adders 81, 83 and 86, processing to compute an exclusive logical sum can
be carried out instead.

Fig. 13 is a block diagram showing a typical configuration of the LFSR 72. As shown in the figure, the LFSR 72
comprises an n-bit shift register 101 and an adder 102 for summing up the values of a predetermined number of bits
among the n bits. A bit resulting from the addition by the adder 102 is stored in the left most bit b_n of the n-bit shift
register 101 shown in the figure and, at the same time, the previous value of the bit b_n is shifted to a bit b_n-1 on the
right hand side of the bit b_n. By the same token, the bit shifting to the right is applied to the previous values of bits
b_n-1, b_n-2, ... etc. whereas the previous value of the right most bit b_1 shown in the figure is output. At the next
timing, a bit resulting from the addition by the adder 102 is again stored in the left most bit b_n of the n-bit shift
register 101 and, at the same time, the previous value of the bit b_n is again shifted to a bit b_n-1 on the right hand
side of the bit b_n. By the same token, the bit shifting to the right is again applied to the previous values of bits
b_n-1, b_n-2, ... etc. whereas the previous value of the right most bit b_1 is again output. These operations are
carried out repeatedly, sequentially outputting bits from the right most bit b_1 one bit after another.

Fig. 13 is a diagram showing a typical configuration of the LFSR 72 in general terms. On the other hand, Fig. 14
is a diagram showing a typical configuration of the LFSR 72 in more concrete terms. In the configuration shown in Fig.
14, the shift register 101 comprises 31 bits. The adder 102 is used for adding the value of the left most bit b_31 to the
value of the right most bit b_1 and storing the result of the addition in the left most bit b_31 of the shift register 101.

As shown in Fig. 12, the shrink generator 73 comprises a condition judging unit 91 and a FIFO unit 92. The condition
judging unit 91 passes on m-bit data supplied by the adder 83 employed in the additive generator 71 to the FIFO unit
92 to be held therein as it is when the LFSR 72 outputs a bit having the logic value "1". When the LFSR 72 outputs a
bit having the logic value "0", on the other hand, the condition judging unit 91 does not pass on m-bit data supplied by
the adder 83 employed in the additive generator 71 to the FIFO unit 92, suspending the encryption process. In this
way, the condition judging unit 91 employed in the shrink generator 73 selects only pieces of m-bit data which are each
generated by the additive generator 71 while the LFSR 72 is outputting a bit with the logic value "1" and stores the
selected piece of m-bit data in the FIFO unit 92 of the generator 73.

Each piece of m-bit data held in the FIFO unit 92 is supplied as an encryption key to the adder 74 for generating
an encrypted text by adding the encryption key to data representing a clear text to be transmitted to a sink, that is, data
played back from a DVD in the source.
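
An added Python model (not code from the patent) of the keystream generator and of the two-stage decryption Dec (Ss, Dec (i, Enc (...))) = Data described above. It goes one step beyond the text by checking why the two stages compose: the additive generator is linear modulo 2^m, so the keystream for (Ss, i) is the word-wise sum of the keystreams for (Ss, no key i) and (Ss = 0, i). The LFSR taps and seed, the register addresses that receive key i, the one-word-per-packet timing and all key values are assumptions.

```python
M = 8                      # word width in bits (the 8-bit case discussed in the text)
MASK = (1 << M) - 1
WORDS = 55                 # register 82 holds 55 words
PERIOD = 16                # assumed: one data word per packet, key i applied every 16


class AdditiveGenerator:
    """Register 82 with adder 83 (feedback) and adder 81 (time variable key)."""

    def __init__(self, ss_words):
        self.reg = [w & MASK for w in ss_words]
        self.a, self.b, self.dst = 54, 23, 0      # first timing: 54 + 23 -> 0

    def inject(self, i32):
        # Adder 81: the 32-bit key i is cut into four 8-bit portions, each added to
        # one word. Addresses 0..3 are an assumed choice of "predetermined" words.
        for k in range(4):
            self.reg[k] = (self.reg[k] + ((i32 >> (8 * k)) & MASK)) & MASK

    def tick(self):
        out = (self.reg[self.a] + self.reg[self.b]) & MASK
        self.reg[self.dst] = out
        # next timing: 53 + 22 -> 54, and so on, wrapping from 0 to 54
        self.a, self.b, self.dst = [(p - 1) % WORDS for p in (self.a, self.b, self.dst)]
        return out


class LFSR31:
    """31-bit shift register: right-most bit is output, feedback enters on the left."""

    def __init__(self, seed):
        self.state = (seed & 0x7FFFFFFF) or 1     # an all-zero state would select nothing

    def next_bit(self):
        out = self.state & 1
        fb = ((self.state >> 30) ^ self.state) & 1    # assumed taps: b_31 XOR b_1
        self.state = (self.state >> 1) | (fb << 30)
        return out


def keystream(ss_words, si, i_primes, seed, n):
    """n key words from the shrink generator for the given Ss, Si and i' values."""
    gen, lfsr, out = AdditiveGenerator(ss_words), LFSR31(seed), []
    for count in range(n):
        if count and count % PERIOD == 0:
            gen.inject((si + i_primes[count // PERIOD - 1]) & 0xFFFFFFFF)  # adder 86
        word = gen.tick()
        while not lfsr.next_bit():     # condition judging unit 91 drops this word
            word = gen.tick()
        out.append(word)               # FIFO unit 92
    return out


def two_stage_demo():
    ss = [(7 * k + 3) & MASK for k in range(WORDS)]          # constructed key Ss
    si, seed = 0x1234ABCD, 0x5EED5EED                        # constructed Si, LFSR seed
    i_primes = [0xDEADBEEF, 0x01020304, 0x0BADF00D]          # constructed i' values
    data = b"CONSTRUCTED CLEAR TEXT " * 2
    n, zero = len(data), [0] * len(i_primes)
    k_full = keystream(ss, si, i_primes, seed, n)            # source and CE sink
    k_i = keystream([0] * WORDS, si, i_primes, seed, n)      # interface unit 49: Ss = 0
    k_ss = keystream(ss, 0, zero, seed, n)                   # application: Si = i' = 0
    ct = bytes((p + k) & MASK for p, k in zip(data, k_full))  # adder 74, mod 2^m

    def sub(buf, ks):                                        # subtractor, mod 2^m
        return bytes((c - k) & MASK for c, k in zip(buf, ks))

    single = sub(ct, k_full)           # one-step decryption in a closed CE apparatus
    stage1 = sub(ct, k_i)              # 1st stage: still encrypted on the internal bus
    stage2 = sub(stage1, k_ss)         # 2nd stage in the application module
    return data, single, stage1, stage2, (k_full, k_i, k_ss)
```

In this model the 1st stage leaves the first 16 words unchanged, because with Ss = 0 the register is all zero until the first key i is added; the data is nevertheless still protected by the Ss keystream until the 2nd stage.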

The encrypted data is then transmitted from the DVD player 1 to the optical magnetic disc apparatus 3 and the
personal computer 2 by way of the 1394 serial bus 11.

Fig. 15 is a diagram showing a typical configuration of the 1394 interface unit 36 employed in the optical magnetic
disc apparatus 3 for decrypting the encrypted data received from the DVD player 1 by way of the 1394 serial bus 11.
As shown in the figure, much like the 1394 interface unit 26 employed in the DVD player 1 shown in Fig. 11, the
configuration comprises an additive generator 171, an LFSR (Linear Feedback Shift Register) 172, a shrink generator 173
and a subtractor 174. m-bit data generated by the additive generator 171 and 1-bit data generated by the LFSR 172
are supplied to the shrink generator 173, and the subtractor 174 subtracts the m-bit decryption key output by the shrink
generator 173 from an encrypted text, that is, m-bit data received by way of the 1394 serial bus 11, to decrypt the
encrypted text back into the clear text.

It is obvious that the configuration of the 1394 interface unit 36 employed in the DVD player 1 shown in Fig. 15 is
basically identical with that of the 1394 interface unit 26 employed in the optical magnetic disc apparatus 3 shown in
Fig. 11 except that the subtractor 174 employed by the former is used as a substitute for the adder 74 of the latter.

Fig. 16 is a diagram showing a detailed configuration of the 1394 interface unit 36 which is shown in Fig. 15 in a
simple and plain manner. It is also obvious that the configuration of the 1394 interface unit 36 employed in the DVD
player 1 shown in Fig. 16 is basically identical with that of the 1394 interface unit 26 employed in the optical magnetic
disc apparatus 3 shown in Fig. 12 except that the subtractor 174 employed by the former is used as a substitute for
the adder 74 of the latter. The configuration shown in Fig. 16 includes the LFSR 172, the shrink generator 173, a register
182, an adder 183, a register 184, a register 185, an adder 186, a condition judging unit 191 and a FIFO unit 192.

Since the operation of the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3 shown
in Fig. 16 is basically the same as that of the 1394 interface unit 26 employed in the DVD player 1 shown in Fig. 12, its
explanation is not repeated. It should be noted, however, that the former is different from the latter in that, in the case
of the former, the subtractor 174 subtracts the m-bit decryption key received from the FIFO unit 192 employed in the
shrink generator 173 from an encrypted text, that is, m-bit data received from the DVD player 1 by way of the 1394
serial bus 11, to decrypt the encrypted text into the clear text.

In the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3, encrypted data is decrypted only
once by using a session key S, which comprises an initial value key Ss and a derangement key Si, and a time variable
key i, strictly speaking, the key i', as described above.

In the case of the personal computer 2, on the other hand, encrypted data is decrypted by the 1394 interface unit
49 by using the time variable key i, which is generated by the derangement key Si of the session key S and a key i', at
a 1st stage and then further decrypted by the application unit 61 by using an initial value key Ss of the session key S.

Fig. 17 is a diagram showing a typical configuration of the 1394 interface unit 49 employed in the personal computer
2 for decrypting the encrypted data or the encrypted text received from the DVD player 1 by way of the 1394 serial bus
11. As shown in the figure, much like the 1394 interface unit 36 employed in the optical magnetic
disc apparatus 3 shown in Fig. 15 and the 1394 interface unit 26 employed in the DVD player 1 shown in Fig. 11, the
configuration comprises an additive generator 271, an LFSR (Linear Feedback Shift Register) 272, a shrink generator
273 and a subtractor 274 which correspond to the additive generator 171, the LFSR (Linear Feedback Shift Register)
172, the shrink generator 173 and the subtractor 174 shown in Fig. 15 respectively. The key i' and the derangement
key Si input to the 1394 interface unit 49 from the license manager 62 are the same as the key i' and the derangement
key Si input to the 1394 interface unit 36 shown in Fig. 15 from the firmware 30. However, all bits of the initial value
key Ss of the session key S input to the 1394 unit 49 shown in Fig. 17 are reset to 0.

Fig. 18 is a diagram showing a detailed configuration of the 1394 interface unit 49 which is shown in Fig. 17 in a
simple and plain manner. It is also obvious that the configuration of the 1394 interface unit 49 employed in the personal
computer 2 shown in Fig. 18 is basically identical with that of the 1394 interface unit 26 employed in the DVD player 1
shown in Fig. 12 and the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3 shown in Fig. 16
except that, in the case of the 1394 interface unit 49 shown in Fig. 18, since all bits of the initial value key Ss of the
session key S input to the 1394 unit 49 shown in Fig. 17 are reset to 0, in essence, the decryption key is generated
only from the time variable key i, which is generated from the key i' and the derangement key Si, as if the initial value
key Ss were not available. As a result, at the subtractor 274, the encrypted data or the encrypted text is decrypted by
using only the time variable key i. Since the initial value key Ss has not been used in the decryption, a completely
clear text has not been obtained yet as a result of the decryption. That is to say, the result of the decryption is still in
an encrypted state. Thus, data resulting from the decryption can not be used as it is even if the data is copied from the
internal bus 51 to a hard disc mounted on the hard disc drive 47 or another recording medium.

Then, the data or the text decrypted by hardware in the 1394 interface unit 49 by using the time variable key i is further decrypted by software in the application module 61. Fig. 19 is a diagram showing a typical configuration of the application module 61. Basically resembling the 1394 interface unit 26 employed in the DVD player 1 shown in Fig. 11, the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3 shown in Fig. 15 and the 1394 interface unit 49 employed in the personal computer 2 shown in Fig. 17, the application module 61 shown in Fig. 19 comprises an additive generator 371, an LFSR (Linear Feedback Shift Register) 372, a shrink generator 373 and a subtractor 374 which have configurations identical with the additive generator 171, the LFSR (Linear Feedback Shift Register) 172, the shrink generator 173 and the subtractor 174 shown in Fig. 15 respectively.

It should be noted, however, that while the initial value key Ss of the session key S is supplied to the application module 61 as is the case with the 1394 interface unit 26 employed in the DVD player 1 shown in Fig. 11 and the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3 shown in Fig. 15, the derangement key Si of the session key S for deranging the time variable key i and the key i' are each a unit element with all bits thereof reset to 0.

Fig. 20 is a diagram showing a detailed configuration of the application module 61 which is shown in Fig. 19 in a simple and plain manner. It is also obvious that the configuration of the application module 61 is basically identical with that of the 1394 interface unit 26 employed in the DVD player 1 shown in Fig. 12, the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3 shown in Fig. 16 and the 1394 interface unit 49 employed in the personal computer 2 shown in Fig. 18. Components employed in the application module 61 shown in detail in Fig. 20, from the adder 381 employed in the additive generator 371 to the FIFO unit 392 employed in the shrink generator 373, correspond to the components employed in the 1394 interface unit 36 shown in Fig. 16, from the adder 181 employed in the additive generator 171 to the FIFO unit 192 employed in the shrink generator 173 respectively. Since all the bits of the key i' held in a register 384 and the derangement key Si held in a register 385 are 0, however, the bits of the time variable key i generated by the adder 386 are all 0. As a result, the application module 61 in essence operates as if the time variable key i were not present. That is to say, the generation of a decryption key is based only on the initial value key Ss. Then, a subtractor 374 decrypts the encrypted data or the encrypted text by using the decryption key generated in this way to produce a clear text. As described above, the encrypted data is a result of the decryption carried out by the 1394 interface unit 49 based on the time variable key i, which is generated from the key i' and the derangement key Si, at the so-called 1st stage of decryption. On the other hand, the decryption carried out by the application module 61 based on the initial value key Ss is called a 2nd stage of decryption for producing a final completely clear text.

When the decryption of the encrypted text described above is completed at the optical magnetic disc 3, the CPU 
31 supplies the decrypted data to the drive 35 for recording the data onto an optical magnetic disc. 

In the personal computer 2, on the other hand, the CPU 41 supplies the decrypted data resulting from the 1st stage of decryption carried out by the 1394 interface unit 49 typically to the hard disc drive 47 for recording the data by way of the internal bus 51. It should be noted that, in the personal computer 2, a predetermined board can be connected to the input/output interface unit 44 as the expansion board 48 for monitoring data transmitted through the internal bus 51 as described earlier. Nevertheless, it is only the application module 61 that is capable of finally decrypting data transmitted through the internal bus 51. Thus, even if the expansion board 48 is capable of monitoring encrypted data resulting from the decryption carried out by the 1394 interface unit 49 based on the time variable key i, the encrypted data is not the completely clear text because the data has not been decrypted by the application module 61 by using the initial value key Ss of the session key S. As a result, it is possible to prevent a completely clear text from being copied illegally provided that the completely clear text resulting from the final decryption carried out by the application module 61 is never transmitted through the internal bus 51.

Typically, adoption of the Diffie-Hellman technique allows the session key S to be shared by a source and sinks.

It is worth noting that there are cases in which the 1394 interface unit 49 or the application module 61 employed in the personal computer 2 has a relatively low processing power so that it is not capable of carrying out decryption of data. In order to cope with such a problem, either of the initial value key Ss of the session key S and the time variable key i or both can be generated in the source as a unit element. By the same token, by using either or both of the keys as a unit element in the sink, data can virtually be transmitted from the source to the sink without using the initial value key Ss of the session key S and the time variable key i. With such a scheme, however, it is more likely that the data will be copied illegally.

If the application module 61 itself is an illegal copy, it is much to be feared that the clear text resulting from decryption 
carried out by the application module 61 will also be copied illegally. In order to solve this problem, the license manager 
62 may authenticate the application module 61 prior to decryption as described earlier. 

As a method for authenticating the application module 61, a digital signature based on a disclosed encryption key (public key) encryption method can be adopted in addition to the common session key encryption/decryption technique described earlier.

The configurations shown in Figs. 11, 12 and 15 to 20 satisfy a homomorphism relation. That is to say, if keys K_1 and K_2 are elements of a Galois field G, a group processing result K_1 · K_2 of the two elements is also an element of the Galois field G. In addition, the following equation holds true for a function H:

H(K_1 · K_2) = H(K_1) · H(K_2)

The data output by the LFSR 501 is added to the data output by the LFSR 502 by an adder 504. A carry resulting from the addition carried out by the adder 504 is supplied to a clocking function unit 506 while the result of the addition itself is added to the data output by the LFSR 501 by an adder 505. A carry resulting from the addition carried out by the adder 505 is also supplied to the clocking function unit 506 while the result of the addition itself is supplied to an exclusive logical sum computing circuit 508.

The combination of the carries supplied by the adders 504 and 505 to the clocking function unit 506 is either 00, 01, 10 or 11. The clocking function unit 506 outputs data representing one of combinations 000 to 111 to the LFSRs 501 to 503 in accordance with the combination of the carries received from the adders 504 and 505. As described above, when the enable signal with the logic value 1 is supplied to the LFSRs 501 to 503 from the clocking function unit 506, the LFSRs 501 to 503 each shift the contents thereof by m bits [...]. When the enable signal with the logic value 0 is supplied to the LFSRs 501 to 503 from the clocking function unit 506, the LFSRs 501 to 503 do not shift the contents thereof, outputting the same m-bit data as the data output right before.

The exclusive logical sum computing circuit 508 receives the result of addition carried out by the adder 505 and the time variable key i stored in the register 507, calculating an exclusive logical sum of the inputs. An exclusive logical sum computing circuit 509 calculates another exclusive logical sum of the exclusive logical sum output by the exclusive logical sum computing circuit 508 and an input clear text, outputting the other exclusive logical sum as an encrypted text.

Fig. 22 is a diagram showing another typical detailed configuration of the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3. As shown in the figure, all components employed in the 1394 interface unit 36, from an LFSR 601 to an exclusive logical sum computing circuit 609, have the same configurations as the corresponding components employed in the 1394 interface unit 26 shown in Fig. 21, from the LFSR 501 to the exclusive logical sum computing circuit 509. [...] the exclusive logical sum computing circuit 509 employed in the latter encrypts a clear text.

Fig. 23 is a diagram showing another typical detailed configuration of the 1394 interface unit 49 employed in the personal computer 2. As shown in the figure, all components employed in the 1394 interface unit 49, from an LFSR [...] 23, the decryption of an encrypted text is in essence based only on the time variable key i in the register 707 which is generated from the key i' and the derangement key Si of the session key S.

Fig. 24 is a diagram showing another typical detailed configuration of the application module 61 employed in the personal computer 2. As shown in the figure, all components employed in the application module 61, from [...] exclusive logical sum computing circuit 809, have the same configurations as the corresponding components employed in the 1394 interface unit 36 shown in Fig. 22, from the LFSR 601 to the exclusive logical sum computing circuit 609. The only difference is that [...] to the register 807 employed in the [...] is a unit element with all bits thereof reset to 0. [...] application module 61 employed in the personal computer 2 [...] essence based only on the initial value key Ss of the session key S.

It should be noted that the decryption processing in each of the configurations shown in Figs. 19, 20 and 24 is carried out by the application module 61 which is typically implemented by software.

By the way, a license key can be changed or updated, if necessary, should the license key be stolen for some reason by any chance. It is needless to say that a license key can also be changed once every predetermined period of time even if the license key has not been stolen, should it be quite within the bounds of possibility that the license key is stolen. In this case, the version of a license key representing the term of validity is recorded on a DVD. In the case of the present embodiment, the term of validity of a license key is represented by the number of times the hash function is to be applied to generate the license key. If an information receiving apparatus for receiving information transmitted through a satellite instead of information played back from a DVD player is an object being operated, only information of a valid version is transmitted to the information receiving apparatus by way of the satellite.

Figs. 25 and 26 are diagrams showing an embodiment implementing a procedure for generating a source side common session key sk in the DVD player 1 and a sink side common session key sk' in the personal computer 2 by using an updated license key. It should be noted that, in addition to the fact that various pieces of information are stored in the EEPROM unit 27 employed in the DVD player 1 and the EEPROM unit 50 employed in the personal computer 2 of the embodiment shown in Fig. 4, the hash function is also stored not only in the EEPROM unit 27, but also in the EEPROM unit 50 in the case of the present embodiment.

As shown in Fig. 25, the procedure begins with a step S151 at which the DVD player 1 serving as a source makes a request to the personal computer 2 serving as a sink for the ID thereof. Then, the procedure goes on to a step S152 at which the personal computer 2 receives the request for the ID. The procedure then proceeds to a step S153 at which the personal computer 2 transmits the ID to the DVD player 1. Then, the procedure continues to a step S154 at which the DVD player 1 receives the ID.

Subsequently, the procedure goes on to a step S155 at which the DVD player 1 concatenates the ID received from the personal computer 2 with a service key stored in the EEPROM unit 27 to form data (ID || service_key). Then, a license key lk is computed by applying the hash function to the data (ID || service_key) as shown in the following equation:

lk = hash (ID || service_key)

The pieces of processing performed at the steps S151 to S155 as described above are the same as those carried 
out at the steps S1 to S5 of the procedure shown in Fig. 4. 

The procedure then goes on to a step S156 at which the DVD player 1 forms a judgment as to whether or not the license key lk generated at the step S155 has a valid version, that is, whether or not the license key lk has been generated by applying the hash function a number of times equal to a predetermined value recorded on the DVD. As described above, the present valid version of a license key lk is recorded as the predetermined value representing the number of times the hash function is to be applied to generate the license key lk. Assume that the predetermined value recorded on the DVD is greater than one. Since the number of times the hash function has been applied to generate the license key lk at the step S155 is 1, the license key lk is judged to be invalid. In this case, the procedure proceeds to a step S157 at which the DVD player 1 initializes a variable g indicating the number of times the hash function has been applied to generate the license key lk at 1 and stores the generated license key lk in a variable lk_g. Then, the procedure continues to a step S158 at which the hash function is applied to the contents of the variable lk_g to find a new license key lk_{g+1} according to the following equation:

lk_{g+1} = hash (lk_g)

Subsequently, the procedure goes on to a step S159 to form a judgment as to whether or not the license key lk_{g+1} generated at the step S158 has a valid version. If the license key lk_{g+1} does not have a valid version, that is, if the variable g has not reached the predetermined value in the case of the present embodiment, the procedure proceeds to a step S160 at which the DVD player 1 increments the value of the variable g by 1 and stores lk_{g+1} in the variable lk_g. The procedure then returns to the step S158 at which the hash function is again applied to the contents of the variable lk_g.

The steps S158 and S159 are executed repeatedly till the value of the variable g, that is, the number of times the hash function has been applied to generate the license key, reaches the predetermined value recorded on the DVD as a version of the license key.

It should be noted that the predetermined value serving as an upper limit of the number of times the hash function can be applied to generate the license key is set typically at 100.

Then, the procedure continues to a step S162 at which the DVD player 1 encrypts the source side common session key sk generated at the step S161 by using the license key lk_g to produce an encrypted source side common session key e in accordance with the following equation:

e = Enc (lk_g, sk)

Subsequently, the procedure goes on to a step S163 at which the DVD player 1 transmits the encrypted source side common session key e generated at the step S162 [...]

[...] generate license_key_{w+1}, a new license key, in accordance with the following equation:

license_key_{w+1} = hash (license_key_w)

sk' = Dec (license_key, e)

[...] the version of a license key is not transmitted. The procedure then proceeds to a step S164 at which the personal computer 2 receives the encrypted source side common session key e. Then, [...]

sk' = Dec (license_key, e)

In the mean time, at a step S166, the DVD player 1 encrypts data to be transmitted to the personal computer 2 by using, among other keys, the source side common session key sk generated at the step S161 and transmits the encrypted data to the computer 2. The procedure then goes on to a step S167 at which the personal computer 2 receives the encrypted data and then to a step S168 to decrypt the encrypted data by using, among other keys, the sink side common session key sk' generated at the step S165. Then, the procedure proceeds to a step S169 at which the personal computer 2 forms a judgment as to whether or not data resulting from the decryption carried out at the step S168 is correct. For example, data received as a TS (Transport Stream) packet of the MPEG system has a code for synchronization with a hexadecimal value of 47 in the head of the packet. In this case, the judgment as to whether or not data is correct can be formed by checking whether or not the synchronization code is perfect.

If correct decrypted data was not obtained at the step S168, the procedure goes on to a step S170 at which the personal computer 2 updates the license key in accordance with the following equation:

license_key = hash (license_key)

Then, the procedure proceeds to a step S171 at which the personal computer 2 again decrypts the encrypted source side common session key e received at the step S164 to produce a new sink side common session key sk' using the updated license key generated at the step S170 in accordance with the following equation:

sk' = Dec (license_key, e)



Subsequently, the procedure returns to the step S168 to again decrypt the encrypted data received at the step S167 by using, among other keys, the sink side common session key sk' generated at the step S171. Then, the procedure proceeds to a step S169 at which the personal computer 2 forms a judgment as to whether or not data resulting from the decryption carried out at the step S168 is correct. As such, the steps S170, S171, S168 and S169 are executed repeatedly till the outcome of the judgment formed at the step S169 indicates that correct decrypted data was obtained at the step S168.

In this way, the license key is updated to produce correct encrypted data. 
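The versioned license key procedure of steps S151 to S171, as an added example in Python that is not code from the patent: the source hashes the license key forward to the version recorded on the disc, and a sink holding an older key hashes its own key forward until the decrypted data looks like MPEG transport stream packets. SHA-256, the XOR keystream standing in for Enc/Dec, the 188-byte packet length, the check of every packet's sync code and the bound on sink retries are assumptions of this example; the text names only a hash function, Enc/Dec, the 0x47 synchronization code and the limit of 100.

```python
import hashlib
import os

SYNC_BYTE = 0x47             # MPEG TS synchronization code named in the text
TS_PACKET_LEN = 188          # assumption: standard MPEG-2 TS packet length
MAX_HASH_APPLICATIONS = 100  # upper limit the text gives for the version


def hash_fn(data: bytes) -> bytes:
    """Stand-in for the unspecified hash function (assumption: SHA-256)."""
    return hashlib.sha256(data).digest()


def _keystream(key: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def enc(key: bytes, data: bytes) -> bytes:
    """Stand-in for Enc/Dec (assumption): XOR with a hash-derived keystream.
    Demonstration only; a key must never encrypt two messages this way."""
    return bytes(d ^ k for d, k in zip(data, _keystream(key, len(data))))


dec = enc  # XOR stream: decryption is the same operation


def license_key(device_id: bytes, service_key: bytes, version: int) -> bytes:
    """Steps S155-S160: lk_1 = hash(ID || service_key), lk_{g+1} = hash(lk_g)."""
    if not 1 <= version <= MAX_HASH_APPLICATIONS:
        raise ValueError("version outside 1..100")
    lk = hash_fn(device_id + service_key)   # g = 1
    for _ in range(version - 1):            # S158-S160 loop
        lk = hash_fn(lk)
    return lk


def source_send(device_id, service_key, version, content, session_key=None):
    """Steps S161-S166: returns (e, encrypted content); the version is not sent."""
    lk_g = license_key(device_id, service_key, version)
    sk = session_key if session_key is not None else os.urandom(16)
    return enc(lk_g, sk), enc(sk, content)


def looks_like_ts(data: bytes) -> bool:
    """Step S169, strengthened: a single sync byte matches a wrong key with
    probability 1/256, so every 188-byte packet must start with 0x47."""
    if not data or len(data) % TS_PACKET_LEN:
        return False
    return all(data[i] == SYNC_BYTE for i in range(0, len(data), TS_PACKET_LEN))


def sink_receive(stored_license_key: bytes, e: bytes, encrypted: bytes):
    """Steps S164-S171: trial-decrypt, hashing the stored key forward on failure.
    Returns (clear text, license key that worked, number of key updates)."""
    lk = stored_license_key
    for updates in range(MAX_HASH_APPLICATIONS):  # bound added in this example
        sk = dec(lk, e)                           # S165 / S171
        clear = dec(sk, encrypted)                # S168
        if looks_like_ts(clear):                  # S169
            return clear, lk, updates
        lk = hash_fn(lk)                          # S170
    raise ValueError("no license key version up to the limit decrypts the data")
```

Because the sink can only hash forward, a sink whose stored key is already newer than the version used by the source, or whose ID was never licensed, exhausts the retry bound and is rejected.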

As indicated by the procedure described above, in the source, the source side common session key sk has to be generated before data to be transmitted to the sink is encrypted by using the source side common session key sk. In the sink, on the other hand, the decryption of the encrypted data received from the source needs to be synchronized with the decryption of the encrypted source side common session key e received from the source. To be more specific, the procedure on the sink side can not go on from the step S165 to decrypt the encrypted source side common session key e to the step S168 to decrypt the encrypted data till the step S167 to receive the encrypted data is completed.

In addition, the decryption of an encrypted source side common session key e and an encrypted text carried out by the sink must be synchronized with the encryption of a source side common session key sk and a clear text performed by the source. That is to say, a decryption key generated by the components composing the 1394 interface unit 36 employed in the optical magnetic disc apparatus 3 shown in Fig. 22, from the LFSR 601 to the exclusive logical sum computing circuit 608, has to correspond to an encryption key generated by the components composing the 1394 interface unit 26 employed in the DVD player 1 shown in Fig. 21, from the LFSR 501 to the exclusive logical sum computing circuit 508, and encrypted data decrypted by using the decryption key must be data resulting from encryption of a clear text by using the encryption key. As described above, the encryption key has thus to be generated by the 1394 interface unit 26 shown in Fig. 21 in synchronization with (that is, prior to) the encryption of the input clear text and the decryption key must therefore be generated by the 1394 interface unit 36 shown in Fig. 22 in synchronization with (that is, prior to) the decryption of the received encrypted text even though the synchronization is not explicitly shown in Figs. 21 and 22.

Accordingly, if a bit is missing for some reason from a packet composing an encrypted text transmitted from a source to a sink by way of the 1394 serial bus 11, a phase representing a timing relation between a clear text and an encryption key in the source can not be sustained as a phase representing a timing relation between an encrypted text and a decryption key in the sink. However, this problem can be solved by updating or reinitializing the phase representing a timing relation between an encrypted text and a decryption key in the sink periodically. Fig. 28 is a diagram showing a typical configuration of an embodiment implementing a source/sink system for updating or reinitializing the phase representing a timing relation between an encrypted text and a decryption key in the sink periodically.

As shown in the figure, in the source, an exclusive logical sum computing circuit 901 computes an exclusive logical sum Ci of a random number generated by a random number generator 903 and an input clear text and outputs the exclusive logical sum Ci to an exclusive logical sum computing circuit 904 and a processing circuit 902 which also receives the initial value key Ss of a session key S. The processing circuit 902 carries out predetermined processing on the initial value key Ss of the session key S and the exclusive logical sum Ci output by the exclusive logical sum computing circuit 901, outputting a result Vi of the processing to the random number generator 903 as an initial value.

The exclusive logical sum computing circuit 904 computes the exclusive logical sum of the exclusive logical sum Ci generated by the exclusive logical sum computing circuit 901 and a time variable key i to generate an encrypted text which is transmitted to the sink through the 1394 serial bus 11.

The sink carries out operations in the reversed order of those performed by the source. To be more specific, an exclusive logical sum computing circuit 911 computes an exclusive logical sum Ci of the encrypted text received from the source through the 1394 serial bus 11 and the time variable key i, outputting the exclusive logical sum Ci to an exclusive logical sum computing circuit 912 and a processing circuit 913 which also receives the initial value key Ss of the session key S. The processing circuit 913 carries out predetermined processing on the initial value key Ss of the session key S and the exclusive logical sum Ci output by the exclusive logical sum computing circuit 911, outputting a processing result Vi to a random number generator 914. The random number generator 914 generates a random number with the processing result Vi from the processing circuit 913 used as an initial value. The exclusive logical sum computing circuit 912 computes a final exclusive logical sum of the random number generated by the random number generator 914 and the exclusive logical sum Ci generated by the exclusive logical sum computing circuit 911, outputting the final exclusive logical sum as a clear text.

Fig. 29 is a diagram showing a typical configuration of the random number generator 903. As shown in the figure, the random number generator 903 comprises components, from an LFSR 931 to a clocking function unit 936. Each of the components shown in the figure has a function identical with the corresponding LFSR 501 etc., the adder 504 etc. or the clocking function unit 506 etc. of the embodiments shown in Figs. 21 to 24.

The random number generator 914 has the same configuration as the random number generator 903 shown in Fig. 29. Therefore, it is not necessary to show the configuration of the former in a separate figure.

Fig. 30 shows a flowchart representing operations carried out by each of the processing circuits 902 and 913 on the source and sink sides respectively.

The operations are explained by referring to the flowchart shown in Fig. 30 as follows. The processing circuit 902 on the source side has a function f expressed by an equation given below to compute a value Vi from an input Ci supplied thereto by the exclusive logical sum computing circuit 901 and the initial value key Ss of the session key S:

V_i = f (Ss, C_i)



As shown in the figure, the flowchart begins with a step S201 at which the processing circuit 902 uses the value 0 as an initial value of the input Ci to compute a value Vi = f (Ss, Ci) as follows:

V_0 = f (Ss, 0)



The operational flow then goes on to a step S202 at which the value V_0 computed at the step S201 is supplied to the random number generator 903 shown in Fig. 29. In the random number generator 903, the value V_0 output by the processing circuit 902 is supplied to the LFSR 931 to 933 as an initial value. By using the same technique as the 1394 interface unit 26 shown in Fig. 21 and the other embodiments shown in Figs. 22 to 24, a random number is generated and output by the adder 935 employed in the random number generator 903 to the exclusive logical sum computing circuit 901 shown in Fig. 28. The exclusive logical sum computing circuit 901 computes an exclusive logical sum Ci of the random number generated by the random number generator 903 and an input clear text, outputting the exclusive logical sum Ci back to the processing circuit 902.

In the mean time, the operational flow shown in Fig. 30 proceeds to a step S203 at which the processing circuit 902 sets a variable i at 1. The operational flow then continues to a step S204 at which the exclusive logical sum Ci received from the exclusive logical sum computing circuit 901 is stored in a variable C.

Then, the operational flow goes on to a step S205 at which the processing circuit 902 carries out processing in accordance with the following equation:

V_i = f (Ss, C_i) + V_{i-1}

where Ci is the contents of the variable C.

Since the value of the variable i is 1 at the present time, the above equation can be rewritten as follows:

V_1 = f (Ss, C_1) + V_0

where V_0 is a value computed at the step S201.

Subsequently, the operational procedure goes on to a step S206 at which the processing circuit 902 forms a judgment as to whether or not the contents of the variable C, that is, C_1 in this case, are equal to a predetermined value T set in advance. In the mean time, the exclusive logical sum computing circuit 901 outputs other exclusive logical sum Ci to the processing circuit 902. If the exclusive logical sum Ci is found unequal to the value T at the step S206, the operational flow proceeds to a step S207 at which the contents of the variable i are incremented by 1 before returning to the step S204 at which the other exclusive logical sum Ci received from the exclusive logical sum computing circuit 901, that is, C_2 since i = 2, is stored in the variable C.

Then, the operational flow goes on to the step S205 at which the processing circuit 902 carries out processing in accordance with the following equation:

V_2 = f (Ss, C_2) + V_1

where V_1 is a value computed at the step S205 in the immediately previous iteration.

Subsequently, the operational procedure goes on to the step S206 at which the processing circuit 902 forms a judgment as to whether or not the input exclusive logical sum Ci, that is, C_2 in this case, is equal to the predetermined value T. If the input exclusive logical sum Ci is found unequal to the value T, the operational flow proceeds to the step S207 at which the contents of the variable i are incremented by 1 before returning to the step S204. In this way, the steps S204 to S207 are executed repeatedly till the input exclusive logical sum Ci becomes equal to the value T.

If the input exclusive logical sum Ci is found equal to the value T at the step S206, on the other hand, the operational flow proceeds to the step S208 at which the value Vi (that is, V_2 in this case) computed at the step S205 is output to the random number generator 903 as the value V_0 computed at the step S201 was output to the random number generator 903 at the step S202. In the random number generator 903, the value Vi output by the processing circuit 902 is supplied to the LFSR 931 to 933 as an initial value. A random number for the initial value is generated and output by the adder 935 employed in the random number generator 903 to the exclusive logical sum computing circuit 901 shown in Fig. 28. The exclusive logical sum computing circuit 901 computes an exclusive logical sum Ci of the random number generated by the random number generator 903 and an input clear text, outputting the exclusive logical sum Ci back to the processing circuit 902.

In the mean time, after the processing circuit 902 outputs the value Vi at the step S208 to the random number generator 903, the operational flow shown in Fig. 30 returns to the step S203 at which the processing circuit 902 resets the variable i at 1. Thereafter, the steps S203 to S208 are executed repeatedly.

Assume that the value T is 8 bits in width and the generation probability of the value of Ci is uniform. In this case, the probability of the Ci value's being equal to T is 1/256 where 256 is the eighth power of 2. That is to say, the generation of the exclusive logical sum Ci having a value equal to T occurs at a rate of once per 256 sequential operations carried out by the exclusive logical sum computing circuit 901 to generate the exclusive logical sum Ci. As a result, the initial value used in the random number generator 903 for generating a random number is updated at a rate of once per 256 sequential operations carried out by the exclusive logical sum computing circuit 901 to generate the exclusive logical sum Ci.

The exclusive logical sum Ci output by the exclusive logical sum computing circuit 901 is also supplied to the exclusive logical sum computing circuit 904 for computing the exclusive logical sum of the exclusive logical sum Ci and the time variable key i. The exclusive logical sum computed by the exclusive logical sum computing circuit 904 is output to the 1394 serial bus 11 as an encrypted text.

In the sink, the exclusive logical sum computing circuit 911 computes an exclusive logical sum Ci of the encrypted text received from the source through the 1394 serial bus 11 and the time variable key i, outputting the exclusive logical sum Ci to the exclusive logical sum computing circuit 912 and the processing circuit 913 which also receives the initial value key Ss of the session key S. Much like the processing circuit 902 on the source side, the processing circuit 913 carries out predetermined processing on the initial value key Ss of the session key S and the exclusive logical sum Ci output by the exclusive logical sum computing circuit 911, outputting a processing result Vi to the random number generator 914 at a rate of once per 256 sequential operations to generate the exclusive logical sum Ci. The random number generator 914 generates a random number with the processing result Vi used as an initial value. The exclusive logical sum computing circuit 912 computes a final exclusive logical sum of the random number generated by the random number generator 914 and the exclusive logical sum Ci generated by the exclusive logical sum computing circuit 911 and outputs the final exclusive logical sum as a clear text.
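The reseeding scheme of Figs. 28 and 30, as an added example in Python that is not code from the patent: source and sink run the same Fig. 30 state machine over the values Ci, so after a lost byte the sink recovers at the first reseed whose accumulation window contains no loss. The function f (truncated HMAC-SHA256), the 32-bit addition, the hash-based generator standing in for the LFSR-based generators 903/914, byte-wide data and a constant time variable key are assumptions of this example.

```python
import hashlib
import hmac

MASK32 = 0xFFFFFFFF


def f(ss: bytes, c: int) -> int:
    """Stand-in for the unspecified f(Ss, Ci): HMAC-SHA256 cut to 32 bits."""
    mac = hmac.new(ss, bytes([c]), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


class Rng:
    """Stand-in for random number generator 903/914, seeded with Vi."""

    def __init__(self, seed: int):
        self._seed = seed.to_bytes(4, "big")
        self._count = 0

    def next_byte(self) -> int:
        block = hashlib.sha256(self._seed + self._count.to_bytes(8, "big")).digest()
        self._count += 1
        return block[0]


class ProcessingCircuit:
    """Fig. 30 state machine, identical in circuits 902 (source) and 913 (sink)."""

    def __init__(self, ss: bytes, t: int):
        self.ss, self.t = ss, t
        self.v0 = f(ss, 0)           # S201: V_0 = f(Ss, 0)
        self.v = self.v0
        self.rng = Rng(self.v0)      # S202: V_0 seeds the generator

    def absorb(self, c: int) -> bool:
        """S204-S208 for one Ci; returns True when the generator is reseeded."""
        self.v = (f(self.ss, c) + self.v) & MASK32   # S205: V_i = f(Ss, C_i) + V_{i-1}
        if c != self.t:                              # S206
            return False
        self.rng = Rng(self.v)                       # S208: V_i is the new seed
        self.v = self.v0                             # S203: i = 1, next sum starts at V_0
        return True


def encrypt(ss: bytes, time_key: int, t: int, clear: bytes):
    """Source side of Fig. 28; also returns the positions where a reseed occurred."""
    state, out, reseeds = ProcessingCircuit(ss, t), bytearray(), []
    for pos, p in enumerate(clear):
        c = p ^ state.rng.next_byte()    # circuit 901
        out.append(c ^ time_key)         # circuit 904
        if state.absorb(c):              # circuit 902
            reseeds.append(pos)
    return bytes(out), reseeds


def decrypt(ss: bytes, time_key: int, t: int, received: bytes) -> bytes:
    """Sink side of Fig. 28."""
    state, out = ProcessingCircuit(ss, t), bytearray()
    for x in received:
        c = x ^ time_key                       # circuit 911
        out.append(c ^ state.rng.next_byte())  # circuit 912
        state.absorb(c)                        # circuit 913
    return bytes(out)


def resync_point(reseeds, lost_index: int):
    """Source position of the first reseed computed entirely from values received
    after the loss: the second reseed following lost_index (None if there is none)."""
    later = [p for p in reseeds if p > lost_index]
    return later[1] if len(later) >= 2 else None
```

The first reseed after a loss still differs between the two sides because the sink's sum is missing the lost value, so everything up to `resync_point` decrypts wrongly; with an 8-bit T that is about 512 values on average.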

As described above, the processing circuit 913 outputs the processing result Vi to the random number generator
914 at a rate of once per 256 sequential operations carried out by the exclusive logical sum computing circuit 911 to
generate the exclusive logical sum Ci. As a result, a phase relation between an encrypted text
transmitted from a source to a sink by way of the 1394 serial bus 11 and a random number used as a decryption key
in the sink can be recovered in the event of a Wt hZt^Z

* text a, the time the processing circu^ oufp T« e proce s °ZZTv™JZ * C ° mP ° Sin9 the 

rate of once per 256 sequential operations tolen^e^ZZ^s^ ^ 9 " * * 

It should be noted that, since the processing circuit 902 or 913 outouK th*» nr.,. 
n™b 9 , 9eneralo , 914 ^ lh . exc| „ s , v(! ^ ° XI Z^T^TT^ 0 me ' an <*" , ' 

It is worth noting that the rate at which the processing circuits 902 and 91 3 cutout the ^ 
random number generators 903 and 914 can also be baJrt m I T , P Pressing result Vi to the 
« the source and received by the sink When a ofece o, P,SCeS °' encrv P' e d data transmitted by 

20 As an initial value used in the random number Generator Qm «r 01/ t»™ ~ . , 

exclusive logical sum computing circuit 901 or ^ C ' ° U,PU ' by ,he 

specvely as i, is. m th,s case, however transmitted^^ « 914 

exclusive logical sum Ci is stolen That is whv the ^i , ■ bus 11 : it is much to be feared that the 

instead, by using a value v" ^uKinq^D^ 9 ^ C ' iS ^ US6d direCtlv as an initia ' value. 

* initia, va^L thedata security can be Se^rSe? Pr ° CeSS ' n9 ^ °" °" ^ ^ ™ Ci * an 

-*3£ou^^ ^ ^ ™ -rial bus 11. One o, them ,s an 

method, data is transferred betweenTwo a^tu^Tn^e^h f ,he asvnch ™°- Tansfer 

broadcasted from one apparatus to a., o^e^^^ Z tLTI^ °° ^ ^ ^ «"* * 

*> t,cat,on of sinks and the key sharing protocol o, the embodiments shoTn fn Rg 4 "nd fheX; fi'au ^"T 

3S computer 2 is an unauthorized apparatus which doTnot haT.he ,o 1 7? . P ^ 1 SVen 11 ,he personal 
crypted source side common session key e i ar ^encr^o ed Ttexi re.T ^ AS de8C * ed 6arlief ' the en " 

session key sk using the license kev Ik Sine! the !7 ^ ' r0m encrv P tion °< a source side common 

have the correct Hcense key the '^^^^^T^, k* UnaUth0riZed a PP a ' a <- which does not 
key sk' by decryption of the enc^pteT»u^ sSriS^ P °! a ' n ' n9 ^ C °"" A Smk Side COmmon session 
" the encr/pted source side^om^ "» be — d = neverthe.ess. that 

If the personal computer 2 also receives the s ™op J£ Y decrypt,on of encrypted information as it is. 

encrypted source side common sess on kev eT.n .n , T, °" SeSS '° n k6y Sk (a Clear ,ex, > in addition to the 

session key sk usin g ^ C ~Tk tlVZ ea ~ £2% SaSTS" * ^ ^ ^ ^ 
are obtained. In this case, it is much to be feared that thP h!L, T h ! corresponding encrypted texts 

«* key that the persona, computer 2 does no, have , "1^ h ! f2 ; nCrvp,ed ,6X,S 3re Used ,or find '"9 the .icense 
encrypted texts known by an e^keTtf^eT'the^^ T " the m ° re ,he pairs ° r c,ear and 

used to produce the encrypted Te2 Tfrom the cCteT. ad ° P ' ed ^ 3t,aCker l ° kn ° W ,he ,icenSe key 

ID ter n CS B ^ , ; anSmit 3 ,a ' Se ,D 10 the P' a Ver 1 which uses the fa!se 

» key sk to produce the ^^^sS^^ J^T usedf - encrypting the source side common session 

2. Assume that the pe^cc^teT 2 Ja,S^ ^r^oTth"^^^ 6 ? ^ PerS ° na ' C ° mPU ' er 
common session key e durinq a session bv transmiltirmlnln ^ I transm,sslon of an encrypted source side 
license kevsar* n,^,^ =,1 . "'^ an ' U " SUCf1 a rec ^ uest is mad * several times, a plurality of 

a plurality of encrypted source side colon I Ton ^ ^eslltfromT ^ r*?' C ° mpU,er 2 AS 3 r6SU,t ' 
» session key sk for the session are received by jZ , ^ the SOUrCe Side C ° mm ° n 
above. The procedure prevents an unauthorized sink from receiving a plurality of encrypted source side common
session keys e resulting from encryption of a source side common session key sk by using different license keys Ik. 
The procedure shown in the figure is basically the same as the one shown in Fig. 4 except that, prior to a request for 
an ID made by the source to the sink, some pieces of processing are carried out. 

To put it in detail, as shown in the procedure of the figure, at a step S201, the personal computer 2 serving as the
sink transmits a request for authentication, that is, a request for the start of an authentication protocol, to the DVD 
player 1 serving as the source. This request for authentication is transferred by using the asynchronous transfer method 
as is the case with the other transfers in the protocol. 

Apparatuses connected to the IEEE 1394 serial bus 11 each have a unique node number assigned thereto at a 
bus reset time. The node number is used to specify and identify an information transmitting or receiving apparatus. 

Fig. 32 is a diagram showing the format of a write request for a data quadlet packet, one of asynchronous packets. 
The destination ID field of the format is the node number of an information receiving apparatus and the source ID field 
of the format is the node number of an information transmitting apparatus. In the case of a packet conveying a request 
for authentication, data indicating that the packet is a request for authentication is included in the quadlet data field. 

Receiving the asynchronous packet conveying a request for authentication at a step S202, the DVD player 1
fetches the source ID, that is, the node ID of an information transmitting apparatus transmitting the packet. The
procedure then goes on to a step S203 at which the DVD player 1 forms a judgment as to whether or not an encrypted
source side common session key e resulting from encryption of the source side common session key sk for the present
session has been transmitted to the information receiving apparatus identified by the node number. If the outcome of
the judgment formed at the step S203 indicates that an encrypted source side common session key e resulting from
encryption of the source side common session key sk for the present session has been transmitted to the information
receiving apparatus identified by the node number, the processing of the authentication protocol for the personal
computer 2 is terminated. If the outcome of the judgment formed at the step S203 indicates that an encrypted source side
common session key e resulting from encryption of the source side common session key sk for the present session
has not been transmitted to the information receiving apparatus identified by the node number, on the other hand, the
procedure goes on to a step S204 to start execution of the authentication protocol.

Pieces of processing carried out at the steps S204 to S213 of the procedure shown in Fig. 31 are the same as 
those of the steps S1 to S10 of the procedure shown in Fig. 4. 

After the above pieces of processing are carried out, at a step S214, the DVD player 1 records the node number 
of the personal computer 2 fetched at the step S213 into the EEPROM unit 27. The node number is kept therein as 
long as the DVD player 1 uses the source side common session key sk of the present session. As another source 
session key sk is generated for a next session, the node number is deleted from the EEPROM unit 27. 

With the protocol described above, only one encrypted source side common session key e is transmitted to a sink. 
As a result, security of transmitted information can be improved. 

By the way, at the step S7 of the authentication protocol shown in Fig. 4, a source side common session key sk
is encrypted by the source using a license key Ik to produce an encrypted source side common session key e which
is then transmitted to the sink. As an encryption algorithm, a block encryption is used widely. In the block encryption,
a clear text is encrypted in fixed length block units. A DES encryption is a generally known block encryption. The DES
encryption is an encryption algorithm for transforming each 64-bit block of a clear text into a 64-bit encrypted text.

Assume that an n-bit block encryption is an encryption algorithm used at the step S7 of the procedure shown in
Fig. 4 to transform an n-bit clear text into an n-bit encrypted text and the number of bits in the source side common
session key sk is n. Also assume that an n-bit result obtained from application of the encryption algorithm to the n-bit
source side common session key sk and the license key Ik is used as it is as an encrypted source side common session
key e.

Assume that the source makes an attempt to transmit another encrypted source side common session key e to a 
sink after a previous encrypted source side common session key e in the same session. Also assume that the previous 
encrypted source side common session key e has been stolen by an unauthorized person. Since the transaction is 
done in the same session, the source side common session key sk remains unchanged. In addition, since the same 
encryption algorithm is adopted in producing the other encrypted source side common session key e from the source 
side common session key sk and the same license key Ik is used in the algorithm, the other encrypted source side 
common session key e is the same as the previous encrypted source side common session key e. It is quite within the 
bounds of possibility that the other encrypted source side common session key e is also stolen by an unauthorized 
person. If the other encrypted source side common session key e is also stolen by the unauthorized person by any 
chance, the person will know that the same source side common session key sk is still being used, causing a problem. 

An embodiment implementing an authentication procedure shown in Fig. 33 addresses the problem described 
above. Since pieces of processing carried out at steps S221 to S226 of the procedure shown in the figure are the same 
as those of the steps S1 to S6 of the procedure shown in Fig. 4, their explanation is not repeated. 

At a step S227, the source generates an n-bit random number r. The procedure then goes on to a step S228 at

e = Enc (Ik, r || sk)

The encryption is carried out in an encryption mode called a CBC mode. Fig. 34 is a diagram showing the
configuration of a system implementing the CBC mode. The left hand side half and the right hand side half of the figure
represent encryption and decryption respectively. The same initial values IV are stored in registers 1003 and 1012.
The initial value IV is fixed throughout the entire system.

In the encryption processing, first of all, an exclusive logical sum processing circuit 1001 computes an exclusive
logical sum of a 1st n-bit block of a clear text and the initial value IV stored in the register 1003. The exclusive logical
value is supplied to an encryptor 1002. An n-bit encrypted text produced by the encryptor 1002 is output to a
communication line as a 1st block and fed back to the register 1003.

When a 2nd n-bit block of the clear text is supplied, the exclusive logical sum processing circuit 1001 computes
an exclusive logical sum of the 2nd n-bit block of the clear text and the 1st block of the encrypted text stored in the
register 1003. The exclusive logical value is supplied to the encryptor 1002 to be encrypted therein. An n-bit encrypted
text produced by the encryptor 1002 is output to the communication line as a 2nd block and fed back to the register
1003. The operations described above are carried out repeatedly.

On the decryption side, on the other hand, the 1st block of the encrypted text transmitted through the communication
line is decrypted by a decryptor 1011. An exclusive logical sum processing circuit 1013 computes an exclusive logical
sum of the output of the decryptor 1011 and the initial value IV stored in a register 1012 to produce the 1st block of the

The 1st block of the encrypted text received through the communication line is also stored in the register 1012.
Then, the 2nd block of the encrypted text transmitted through the communication line is received and decrypted by the
decryptor 1011. The exclusive logical sum processing circuit 1013 computes an exclusive logical sum of the 2nd block
of the decryption result output by the decryptor 1011 and the 1st block of the encrypted text stored in the register 1012
to produce the 2nd block of the clear text.

The 2nd block of the encrypted text received through the communication line is also stored in the register 1012.
The operations described above are carried out repeatedly to accomplish decryption processing.

It should be noted that the CBC mode is described in detail in the second edition of the reference with the title
"Applied Cryptography" authored by Bruce Schneier.

Refer back to the procedure shown in Fig. 33. At the step S228, the n-bit random number r and the source side
common session key sk are used in the encryption algorithm as 1st and 2nd blocks of the clear text. That is to say,
the exclusive logical sum processing circuit 1001 computes an exclusive logical sum of the random number r, that is,
the 1st n-bit block of the clear text, and the initial value IV stored in the register 1003. The exclusive logical value is
supplied to the encryptor 1002 to be encrypted therein by using the license key Ik. Thus, the encryptor 1002 produces
Enc (Ik, r (+) IV).

The output of the encryptor 1002 is stored in the register 1003. When the source side common session key sk,
that is, the 2nd block of the clear text, is received, the exclusive logical sum processing circuit 1001 computes an
exclusive logical sum of the 2nd block of the clear text and the output of the encryptor stored in the register 1003. As
a result, the encryptor 1002 produces Enc (Ik, sk (+) Enc (Ik, r (+) IV)).

At a step S229, the source concatenates the two blocks with each other to produce e which is transmitted to the 
sink according to the following equation: 

e = Enc (Ik, r (+) IV) || Enc (Ik, sk (+) Enc (Ik, r (+) IV))

On the sink side, the output e of the encryptor 1002 is received at a step S230. The procedure then goes on to a 
th! «D^ Wh '- Ch « he enCryp,ed source side common session ke Ve is decrypted by using the license key stored in 
key A reSUU °' d6Cryption com P rises a 1 st block r' and a 2nd block sk', the sink side common session 

In the encryption and decryption described above, only the use of the correct license key by the sink will result in
sk = sk'. As a result, the source and the sink are allowed to share a common session key.

The equation of the encrypted source side common session key e given above means that, each time the source
side common session key sk is encrypted, a different encrypted source side common session key e results even
if the value of the session key sk remains unchanged. This is because the random number r involved in the encryption
changes. As a result, it is difficult for a person who stole different values of the encrypted source side common session
key sk to determine whether or not the values are generated in the same session.

It should be noted that, in addition to the CBC mode described above, generally known use modes of the block
encryption include an ECB mode, a CFB mode and an OFB mode. Since the last two modes each include a feedback
loop, they can be applied to the processing shown in Fig. 33. As a matter of fact, any encryption modes can be applied
to the processing shown in Fig. 33 as long as they include a feedback loop. Use modes of the block encryption are
also described in detail in the second edition of the reference with the title "Applied Cryptography" authored by Bruce
Schneier.

By the way, in the processing implemented by the embodiment shown in Fig. 4, the source encrypts a source side
common session key sk and transmits an encrypted source side common session key e to the sink. Since only an
authorized sink is capable of correctly decrypting the encrypted source side common session key e to produce a sink
side common session key sk' having the same value as the source side common session key sk, in essence the
embodiment is a system wherein the sink is authenticated by the source. In this procedure, however, the source itself
is not authenticated. As a result, even if an unauthorized source transmits haphazard data as an encrypted source
side common session key to a sink, it is quite within the bounds of possibility that the sink accepts a result of decryption
of the encrypted source side common session key e as a sink side common session key sk'. In order to solve this
problem, an embodiment implementing the authentication procedure as shown in Fig. 35 is provided.

As shown in the figure, the authentication procedure begins with a step S241 at which the personal computer 2
serving as the sink generates a random number r having a predetermined number of bits. In the embodiment, the
number of bits is 64, a typical value. The procedure then goes on to a step S242 at which the random number is
transmitted to the DVD player 1 serving as the source. Then, the procedure proceeds to a step S243 at which the DVD
player 1 receives the random number r. Subsequently, the procedure continues to a step S244 at which the DVD player
1 makes a request for an ID to the personal computer 2. The procedure then goes on to a step S245 at which the
personal computer 2 receives the request. Then, the procedure proceeds to a step S246 at which the personal computer
2 reads out the requested ID from the EEPROM unit 50 and transmits the ID to the DVD player 1. Subsequently, the
procedure continues to a step S247 at which the DVD player 1 receives the ID.

The procedure then goes on to a step S248 at which the DVD player 1 generates a license key Ik by using the
following equation.

Ik = hash (ID || service_key)

Then, the procedure proceeds to a step S249 at which the DVD player 1 generates a source side common session 
key sk. 

Subsequently, the procedure continues to a step S250 at which the DVD player 1 generates an encrypted source
side common session key e by using the following equation:

e = Enc (Ik, r || sk)

The procedure then goes on to a step S251 at which the DVD player 1 transmits the encrypted source side common
session key e to the personal computer 2.

It should be noted that any encryption mode including a feedback loop such as the CBC mode is adopted in the 
encryption carried out at the step S250. 

Then, the procedure proceeds to a step S252 at which the personal computer 2 receives the encrypted source
side common session key e. Subsequently, the procedure continues to a step S253 at which the personal computer
2 decrypts the encrypted source side common session key e by using the license key to produce r' || sk', a concatenation
of r' with sk'.

The number of bits included in r' is the same as that of the random number r generated at the step S241 which is 
determined in advance. 

The procedure then goes on to a step S254 at which the personal computer 2 examines if r = r' holds true. If r =
r' holds true, the personal computer 2 authenticates the DVD player 1 as a valid source and accepts the source side
common session key sk' as a correct session key. This is because only an apparatus capable of generating a correct
license key Ik is capable of generating such an encrypted source side common session key e that a result r' of decryption
of the encrypted source side common session key e using the license key is equal to the random number r.

If r = r' does not hold true, on the other hand, the personal computer 2 does not authenticate the DVD player 1 as
a valid source and, hence, discards the source side common session key sk'.

By providing an embodiment for implementing an authentication procedure as described above, the sink is capable
of authenticating the source. In addition, the authentication procedure also retains the feature that only an authorized
sink is capable of generating a correct sink side common session key sk' as is the case with the embodiment shown

Fig. 36 is a diagram showing another embodiment implementing an authentication procedure whereby the sink is
capable of authenticating the source. Since pieces of processing carried out at steps S261 to S266 of the procedure
shown in the figure are the same as those of the steps S1 to S6 of the procedure shown in Fig. 4, their explanation is
not repeated.

At a step S267, the DVD player 1 picks up time information T. To put it concretely, the contents of a 32-bit cycle_time
register preserved by the IEEE 1394 specifications are typically used as time information. The cycle_time registers
make the time information of apparatuses connected to the IEEE 1394 serial bus 11 uniform. The cycle_time
registers of the apparatuses are updated uniformly by a packet broadcasted by a cycle master, an apparatus on the
1394 serial bus 11. The contents of each of the cycle_time registers are incremented by one by a common clock signal
with a frequency of 24.576 MHz or incremented once for every about 40 nanoseconds through the 1394 serial bus 11.
In this way, the times of the apparatuses connected to the 1394 serial bus 11 are adjusted to agree with each other.

The procedure then goes on to a step S268 at which the DVD player 1 encrypts T || sk to produce an encrypted
source side common session key e. Then, the procedure proceeds to a step S269 to transmit the encrypted source
side common session key e to the personal computer 2. It should be noted that any encryption mode including a
feedback loop such as the CBC mode is adopted as an encryption mode.

Then, the procedure proceeds to a step S270 at which the personal computer 2 receives the encrypted source
side common session key e. Subsequently, the procedure continues to a step S271 at which the encrypted source
side common session key e is decrypted by using the license key to produce a result of decryption T' || sk'. The T'
portion in the result of decryption is 32 bits in width.

The procedure then goes on to a step S272 to examine the validity of T' by comparing T' with the contents of the
cycle_time register of the personal computer 2 itself. If the difference is smaller than a typical predetermined value of

2S ^LTZTr ■ : "TT T 1 jUd9ed t0 be VaHd " dif,6renCe iS 9reat6r than the P-determined va'ue on the 

other hand, T' is judged to be invalid.

If T' passes the validity test, the personal computer 2 judges the DVD player 1 to be a valid apparatus and, hence,
accepts the sink side common session key sk'. If T' does not pass the validity test, on the other hand, the personal
computer 2 judges the DVD player 1 to be an invalid apparatus. In this case, the sink side common session key sk' is
discarded. This is because only an apparatus capable of generating a correct license key Ik is capable of generating
such an encrypted source side common session key e that the result T' of decryption of the encrypted source side
common session key e using the license key is equal to the contents of the cycle_time register.

By providing an embodiment for implementing an authentication procedure as described above, the sink is capable
of authenticating the source. In addition, the authentication procedure also retains the feature that only an authorized
sink is capable of generating a correct sink side common session key sk' as is the case with the embodiment shown
in Fig. 4.

In the processing implemented by the embodiment shown in Fig. 4, only an authorized sink having the license key
is capable of correctly decrypting the encrypted source side common session key e to produce a sink side common
session key sk' which is equal to the source side common session key sk. Thus, in essence, the embodiment is a
system wherein the source authenticates the sink. In this system, however, even an unauthorized sink is capable of
obtaining an encrypted source side common session key e resulting from encryption of a source side common session
key sk using a license key Ik. It is thus quite within the bounds of possibility that the unauthorized sink decrypts the
encrypted source side common session key e in an attempt to obtain a sink side common session key sk' which is
equal to the source side common session key sk.

Fig. 37 is a diagram showing an embodiment implementing an authentication procedure for solving the problem
described above whereby the source transmits an encrypted text resulting from encryption of the source side common
session key sk only after the source has authenticated the sink as a valid apparatus. The procedure is explained below
by referring to Fig. 37. In this embodiment, any encryption mode including a feedback loop such as the CBC mode
can be adopted as an encryption mode.

Since pieces of processing carried out at steps S281 to S285 of the procedure shown in the figure are the same
as those of the steps S1 to S5 of the procedure shown in Fig. 4, their explanation is not repeated. At a step S286, the
DVD player 1 generates random numbers r1 and r2 each having a number of bits determined in advance at typically
64 and concatenates them to form M1. The procedure then goes on to a step S287 at which the DVD player 1 encrypts
M1 by using the license key Ik to generate X which is then transmitted to the personal computer 2 at a step S288.
The personal computer 2 receiving X at a step S289 decrypts X by using the license key at a step S290 to produce
M1' which is regarded as r1' || r2', a concatenation of r1' and r2' each comprising a predetermined number of bits, typically
64 bits. Then, the procedure proceeds to a step S291 to generate a random number r3 having a predetermined number
of bits, typically, 64. Subsequently, the procedure continues to a step S292 at which r3 is concatenated with r2' to form
M2. The procedure then goes on to a step S293 at which M2 is encrypted by using the license key to generate Y which
is then transmitted to the DVD player 1 at a step S294.

The DVD player 1 receiving Y at a step S295 decrypts Y by using the license key Ik at a step S296 to form M2'
which is regarded as r3' || r2", a concatenation of r3' and r2" each comprising a predetermined number of bits, typically
64 bits. The procedure then goes on to a step S297 at which r2" is compared with r2 generated at the step S286 to
check if they are equal to each other. If r2" is found unequal to r2, the DVD player 1 judges the personal computer 2
to be an unauthorized apparatus and hence terminates the authentication protocol. If r2" is found equal to r2, on the
other hand, the procedure proceeds to a step S298 at which the DVD player 1 generates a source side common session
key sk. The procedure then continues to a step S299 at which r3' is concatenated with sk to produce M3. Then, the
procedure goes on to a step S300 at which M3 is encrypted by using the license key Ik to produce an encrypted text
Z which is then transmitted to the personal computer 2 at a step S301.

The personal computer 2 receiving Z at a step S302 decrypts Z by using the license key at a step S303 to produce
M3' which is regarded as r3" || sk', a concatenation of r3" and sk' each comprising a predetermined number of bits,
typically, 64 bits. The procedure then goes on to a step S304 to check if r3" is equal to r3 generated at the step S291.
If r3" is found unequal to r3, the personal computer 2 judges the DVD player 1 to be an unauthorized apparatus and,
hence, terminates the authentication protocol. If r3" is found equal to r3, on the other hand, the personal computer 2
accepts the sink side common session key sk' produced at the step S303 as the source side common session key sk.

With the authentication protocol implemented by the embodiment described above, after the DVD player 1 serving
as a source has authenticated the personal computer 2 as an authorized sink, the DVD player 1 transmits the encrypted
text Z resulting from encryption of the source side common session key sk to the sink. On the top of that, much like
the embodiment shown in Fig. 33, in the case of the present embodiment, even if the source side common session
key sk from which the source produces an encrypted text Z by using the license key Ik remains unchanged in a session,
Z varies from encryption to encryption during the session due to the fact that r3', a variable number, is involved in each
encryption. As a result, the present embodiment offers a feature that makes it difficult for an unauthorized person to
steal transmitted information.

However, the embodiment shown in Fig. 37 has a problem if r1, r2, r3 and sk are each n bits in width due to the
fact that an n-bit encryption algorithm is adopted. This is because, if the first n bits of Y received at the step S295 are
used as the first n bits of Z at the step S300 as they are, the source will pass the validity test carried out by the sink at
the step S303 even if the source is an unauthorized apparatus.

Addressing the problem described above, the present invention provides other embodiments shown in Figs. 38 to
40, diagrams each showing an authentication protocol whereby, not only does the source transmit an encrypted text
resulting from encryption of a source side common session key sk after verifying the validity of the sink, but the sink
is also capable of authenticating the source. The procedures shown in Figs. 38 and 39 are each a typical modification
of the embodiment shown in Fig. 37.

First of all, the embodiment implementing an authentication protocol of Fig. 38 is explained. In this embodiment,
any encryption mode including a feedback loop such as the CBC mode can be adopted as an encryption mode.

Since pieces of processing carried out at steps S311 to S327 of the procedure shown in the figure are the same
as those of the steps S281 to S297 of the procedure shown in Fig. 37, their explanation is not repeated. At a step
S328, the DVD player 1 generates a random number r4 and a source side common session key sk each having a
number of bits determined in advance at typically 64. The procedure then goes on to a step S329 at which r4 is
concatenated with r3' and sk to produce M3. Then, the procedure proceeds to a step S330 at which M3 is encrypted by
using the license key Ik to produce Z which is then transmitted to the personal computer 2 at a step S331.

The personal computer 2 receiving Z at a step S332 decrypts Z by using the license key at a step S333 to produce
M3' which is regarded as r4' || r3" || sk', a concatenation of r4', r3" and sk' each comprising a predetermined number of
bits, typically 64 bits. The procedure then goes on to a step S334 to check if r3" is equal to r3 generated at the step
S321. If r3" is found unequal to r3, the personal computer 2 judges the DVD player 1 to be an unauthorized apparatus
and, hence, terminates the authentication protocol. If r3" is found equal to r3, on the other hand, the personal computer
2 accepts the sink side common session key sk' produced at the step S333 as the source side common session key sk.

In the embodiment implementing the authentication protocol described above, not only does the source transmit
an encrypted text resulting from encryption of a source side common session key after verifying the validity of the sink,
but the sink is also capable of authenticating the source.
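
The following Python sketch is an added example, not code from the patent. It walks through the repeated-ciphertext problem of Fig. 4, the random-prefix CBC wrapping of Fig. 33, and the n-bit block problem described for Fig. 37 beside the message layout of Fig. 38. The 4-round Feistel cipher, the use of SHA-256 as the hash, the IV value, the ID and the service key are all constructed assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import secrets

BLOCK = 8                                # n = 64 bits, the width the page calls typical
IV = bytes.fromhex("0123456789abcdef")   # constructed stand-in for the fixed system IV

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel_f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def enc_block(key, block):
    """Toy 4-round Feistel permutation standing in for the n-bit block cipher."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, xor(left, feistel_f(key, rnd, right))
    return left + right

def dec_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, feistel_f(key, rnd, left)), left
    return left + right

def cbc_encrypt(key, plaintext):
    """CBC as in Fig. 34: each block is XORed with the previous ciphertext block."""
    prev, out = IV, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = enc_block(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, ciphertext):
    prev, out = IV, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor(dec_block(key, block), prev)
        prev = block
    return out

def license_key(device_id, service_key):
    """lk = hash(ID || service_key); SHA-256 is an assumption, not the page's hash."""
    return hashlib.sha256(device_id + service_key).digest()[:16]

def wrap_fig33(lk, sk):
    """Steps S227 to S229: e = Enc(lk, r || sk) with a fresh n-bit random r."""
    return cbc_encrypt(lk, secrets.token_bytes(BLOCK) + sk)

def unwrap_fig33(lk, e):
    """Sink side: decrypt to r' || sk' and keep the second block."""
    return cbc_decrypt(lk, e)[BLOCK:]

def sink_accepts(lk, r3, z, r3_block):
    """Sink check r3'' == r3; r3'' is block 0 of M3' in Fig. 37, block 1 in Fig. 38."""
    m3 = cbc_decrypt(lk, z)
    return hmac.compare_digest(m3[r3_block * BLOCK:(r3_block + 1) * BLOCK], r3)

def run_demo():
    lk = license_key(b"constructed-sink-id", b"constructed-service-key")
    sk = secrets.token_bytes(BLOCK)

    # Fig. 4 with an n-bit sk: the same sk always yields the same e.
    fig4_repeats = enc_block(lk, sk) == enc_block(lk, sk)

    # Fig. 33: e changes per transmission, yet both decrypt to the same sk'.
    e1, e2 = wrap_fig33(lk, sk), wrap_fig33(lk, sk)

    # Sink's message Y = Enc(lk, r3 || r2'), as sent over the bus.
    r3 = secrets.token_bytes(BLOCK)
    y = cbc_encrypt(lk, r3 + secrets.token_bytes(BLOCK))

    # Honest source: holds lk, recovers r3' from Y and builds Z.
    r3_prime = cbc_decrypt(lk, y)[:BLOCK]
    z37 = cbc_encrypt(lk, r3_prime + sk)                               # r3' || sk
    z38 = cbc_encrypt(lk, secrets.token_bytes(BLOCK) + r3_prime + sk)  # r4 || r3' || sk

    # Source without lk: first n bits of Y reused as first n bits of Z, then filler.
    replay37 = y[:BLOCK] + secrets.token_bytes(BLOCK)
    replay38 = y[:BLOCK] + secrets.token_bytes(2 * BLOCK)

    return {
        "fig4_repeats": fig4_repeats,
        "fig33_differs": e1 != e2,
        "fig33_recovers": unwrap_fig33(lk, e1) == sk == unwrap_fig33(lk, e2),
        "fig37_honest": sink_accepts(lk, r3, z37, 0),
        "fig38_honest": sink_accepts(lk, r3, z38, 1),
        "fig37_replay_accepted": sink_accepts(lk, r3, replay37, 0),
        "fig38_replay_accepted": sink_accepts(lk, r3, replay38, 1),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

In the Fig. 37 layout the sink accepts the reused block and is left holding a meaningless sk' from a source that never held the license key; in the Fig. 38 layout r3' sits behind the random block r4, so the copied block no longer decrypts to r3 in the position the sink checks.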

Much like the procedure of Fig. 38 described above, the procedure shown in Fig. 39 is also a typical modification 
of the embodiment shown in Fig. 37. In this embodiment, any encryption mode including a feedback loop such as the 
CBC mode can be adopted as an encryption mode.

Since pieces of processing carried out at steps S351 to S361 of the procedure shown in Fig. 39 are the same as 
those of the steps S281 to S291 of the procedure shown in Fig. 37, their explanation is not repeated. At a step S362,
the personal computer 2 generates r2' || r3 as M2. The procedure then goes on to a step S363 at which the personal 
computer 2 encrypts M2 by using the license key to produce Y which is then transmitted to the DVD player 1 at a step 
S364. 

The DVD player 1 receiving Y at a step S365 decrypts Y by using the license key lk at a step S366 to produce M2'
which is regarded as r2" || r3', a concatenation of r2" and r3' each comprising a predetermined number of bits, typically
64 bits. The procedure then goes on to a step S367 to check if r2" is equal to r2 generated at the step S356. If r2" is
found unequal to r2, the DVD player 1 judges the personal computer 2 to be an unauthorized apparatus and, hence,
terminates the authentication protocol. If r2" is found equal to r2, on the other hand, the procedure goes on to a step
S368 at which the DVD player 1 generates a source side common session key sk. The procedure then proceeds to a
step S369 at which sk is concatenated with r3' to produce M3. Then, M3 is encrypted by using the license key lk to
produce an encrypted text Z, which is then transmitted to the personal computer 2.

The personal computer 2 receiving Z at a step S372 decrypts Z by using the license key at a step S373 to produce
M3' which is regarded as a concatenation of r3" and sk' each comprising a predetermined number of bits,
typically 64 bits. The procedure then goes on to a step S374 to check if r3" is equal to r3 generated at the step S361.
If r3" is found unequal to r3, the personal computer 2 judges the DVD player 1 to be an unauthorized apparatus and,
hence, terminates the authentication protocol. If r3" is found equal to r3, on the other hand, the personal computer 2
accepts the sink side common session key sk' produced at the step S373 as the source side common session key sk.

In the embodiment implementing the authentication protocol as described above, the source transmits an encrypted
text resulting from encryption of a source side common session key sk to the sink after verifying the validity of the sink
and, in addition, the sink is also capable of authenticating the source. On the top of that, much like the embodiment
shown in Fig. 33, in the case of the present embodiment, even if the source side common session key sk from which
the source produces an encrypted text Z by using the license key lk remains unchanged in a session, Z varies from
encryption to encryption during the session due to the fact that r4, a variable number generated by the DVD player 1,
is involved in each encryption. As a result, the present embodiment offers a feature that makes it difficult for an
unauthorized person to steal transmitted information.

Fig. 40 is a diagram showing an embodiment implementing an authentication protocol having the same functions.
In this embodiment, any encryption mode including a feedback loop such as the CBC mode can be adopted as an
encryption mode. Since pieces of processing carried out at steps S381 to S384 of the procedure shown in the figure
are the same as those of the steps S1 to S4 of the procedure shown in Fig. 4, their explanation is not repeated. At a
step S385, the DVD player 1 generates a random number Rsrc having a predefined number of bits, typically, 64 bits.
The procedure then goes on to a step S386 at which the random number Rsrc is transmitted to the personal computer 2.

Then, the procedure proceeds to a step S387 at which the personal computer 2 receives the random number Rsrc.
Subsequently, the procedure continues to a step S388 at which the personal computer 2 generates a random number
Rsnk having a predetermined number of bits, typically, 64 bits. The procedure then goes on to a step S389 at which
the random number Rsrc is concatenated with the random number Rsnk to generate M1. Then, M1 is encrypted by
using the license key lk to produce X, which is then transmitted to the DVD player 1.

At a step S392, the DVD player 1 receives X. The procedure then goes on to a step S393 at which a license key
lk is computed from an ID assigned to the personal computer 2 and a service key. At a step S394, the license key lk
is used for decrypting X to produce M1' which is regarded as Rsnk' || Rsrc", a concatenation of Rsnk' and Rsrc" each
comprising a predetermined number of bits, typically, 64 bits. Then, the procedure proceeds to a step S395 to check
if Rsrc" is equal to Rsrc. If Rsrc" is found unequal to Rsrc, the personal computer 2 is judged to be an unauthorized
apparatus, in which case the authentication protocol is terminated. If Rsrc" is found equal to Rsrc, on the other hand,
the procedure goes on to a step S396 at which the DVD player 1 generates a source side common session key sk.
Subsequently, the procedure continues to a step S397 at which Rsrc is concatenated with Rsnk' and sk to generate
M2. M2 is then encrypted by using the license key lk to produce an encrypted text Y, which is transmitted to the
personal computer 2.

The personal computer 2 receiving Y at a step S400 decrypts Y by using the license key at a step S401 to produce
M2' which is regarded as Rsrc' || Rsnk" || sk', a concatenation of Rsrc', Rsnk" and sk' each comprising a predetermined
number of bits, typically 64 bits. The procedure then goes on to a step S402 to check if Rsnk" is equal to Rsnk generated
at the step S388. If Rsnk" is found unequal to Rsnk, the personal computer 2 judges the DVD player 1 to be an
unauthorized apparatus, in which case the sink side common session key sk' is not accepted. If Rsnk" is found equal to
Rsnk, on the other hand, sk' is accepted as a common session key.

In the embodiment implementing the authentication protocol as described above, the source transmits an encrypted
text resulting from encryption of a source side common session key sk to the sink after verifying the validity of the sink
and, in addition, the sink is also capable of authenticating the source. On the top of that, in the case of the present
embodiment, even if the source side common session key sk from which the source produces an encrypted text Y by
using the license key lk remains unchanged in a session, Y varies from encryption to encryption during the session due
to the fact that Rsrc, a variable number generated by the DVD player 1, is involved in each encryption. As a result, the
present embodiment offers a feature that makes it difficult for an unauthorized person to steal transmitted information.
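
The Fig. 40 exchange described above, as an added Python example that is not part of the patent. The hash (SHA-256), the 64-bit Feistel block cipher, the all-zero CBC IV and the sample ID and service key are assumptions chosen so that it runs with the standard library alone; it shows both nonce checks and why Y differs between runs even when sk and lk stay the same.

```python
import hashlib
import hmac
import os

BLOCK = 8  # Rsrc, Rsnk and sk are each typically 64 bits in the text

def license_key(device_id, service_key):
    # lk = hash(ID || service_key); SHA-256 is an assumed stand-in hash.
    return hashlib.sha256(device_id + service_key).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in 64-bit Feistel block cipher (assumption).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def _enc_block(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def _dec_block(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def cbc_encrypt(key, msg):
    # CBC with an all-zero IV (assumed): only the leading nonce varies the output.
    if len(msg) % BLOCK:
        raise ValueError("message must be a whole number of 64-bit blocks")
    out, prev = [], bytes(BLOCK)
    for i in range(0, len(msg), BLOCK):
        prev = _enc_block(key, _xor(msg[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, ct):
    out, prev = [], bytes(BLOCK)
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(_dec_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

class Source:
    """DVD player 1: stores the service key and the hash function."""
    def __init__(self, service_key):
        self.service_key, self.r_src, self.sk = service_key, None, None

    def challenge(self):
        self.r_src = os.urandom(BLOCK)                 # S385
        return self.r_src                              # S386

    def respond(self, sink_id, x, sk=None):
        lk = license_key(sink_id, self.service_key)    # S393
        if len(x) != 2 * BLOCK:
            return None
        m1 = cbc_decrypt(lk, x)                        # S394
        if not hmac.compare_digest(m1[:BLOCK], self.r_src):  # S395
            return None      # sink judged unauthorized, protocol terminated
        self.sk = sk or os.urandom(BLOCK)              # S396
        m2 = self.r_src + m1[BLOCK:] + self.sk         # S397: Rsrc || Rsnk' || sk
        return cbc_encrypt(lk, m2)                     # encrypted text Y

class Sink:
    """Personal computer 2: stores only its own ID and license key."""
    def __init__(self, device_id, lk):
        self.device_id, self.lk, self.r_snk = device_id, lk, None

    def answer(self, r_src):
        self.r_snk = os.urandom(BLOCK)                 # S388
        return cbc_encrypt(self.lk, r_src + self.r_snk)  # M1 (S389) encrypted to X

    def accept(self, y):
        if len(y) != 3 * BLOCK:
            return None
        m2 = cbc_decrypt(self.lk, y)                   # S401
        if not hmac.compare_digest(m2[BLOCK:2 * BLOCK], self.r_snk):  # S402
            return None      # source judged unauthorized, sk' not accepted
        return m2[2 * BLOCK:]                          # sk'

def run_session(source, sink, sk=None):
    # One run; returns (sk' accepted by the sink or None, Y or None).
    x = sink.answer(source.challenge())
    y = source.respond(sink.device_id, x, sk)
    return (sink.accept(y), y) if y is not None else (None, None)

# Constructed sample values (not from the patent).
SERVICE_KEY = b"constructed-service-key"
SINK_ID = b"constructed-sink-id-0001"
```

As in the text, the echoed nonce is the only check each side performs; the example adds no separate message authentication.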

In the embodiments described above, the DVD player 1 serves as a source while the personal computer 2 and
the optical magnetic disc apparatus 3 each serve as a sink. It should be noted that the description is not intended to
be construed in a limiting sense. That is to say, any arbitrary electronic apparatus can be used as a source or a sink.

In addition, while the 1394 serial bus 11 is used as an external bus for connecting the electronic apparatuses
composing a data processing system to each other, the scope of the present embodiment is not limited to such
embodiments. That is, a variety of buses can be used as an external bus and electronic apparatuses connected to each
other by the external bus are not limited to those employed in the embodiments described above. Any arbitrary
electronic apparatuses can be used to compose the data processing system.

It is also worth noting that a variety of programs consisting of instructions to be executed by CPUs are presented 
to the user through providing media such as a magnetic disc, a CD-ROM disc and a network and can be used, if necessary,
by storing the programs in a RAM unit or a hard disc incorporated in the electronic apparatus. 

In an illustrative information processing apparatus, an illustrative information processing method and an illustrative 
recording medium provided by the present invention, a 1st key LK is generated on the basis of identification data 
received from another information processing apparatus and a 2nd key SVK representing predetermined information 
to undergo predetermined processing. As a result, security of transmitted information can be assured with a high degree 
of reliability. 

In addition, in another illustrative information processing apparatus, another illustrative information processing 
method and another illustrative recording medium provided by the present invention, a 1st key SVK representing
predetermined information to undergo predetermined processing and a predetermined function are stored in advance. A
2nd key LK is generated by application of the predetermined function to identification data received from another 
information processing apparatus and the 1st key SVK. A 3rd key SK is further generated, encrypted by using the 2nd 
key LK and transmitted to the other information processing apparatus. As a result, it is possible to allow only another 
authenticated information processing apparatus to carry out predetermined processing on information transmitted 
thereto, further assuring the security of the information. 

With an illustrative information processing system, a further illustrative information processing method and a further 
illustrative recording medium provided by the present invention, in the 1st information processing apparatus, a 1st key 
SVK associated with information to be transmitted to the 2nd information processing apparatus and a predetermined 
function are stored in advance. A 2nd key LK1 is generated by application of the predetermined function to identification
data assigned to and received from the 2nd information processing apparatus and the 1st key SVK. A 3rd key SK1 is
further generated, encrypted by using the 2nd key LK2 and transmitted to the 2nd information processing apparatus. 
In the second information processing apparatus, on the other hand, identification data assigned to the 2nd information 
processing apparatus, that is, the 2nd information processing apparatus' own identification data unique to the 2nd 
information processing apparatus, and a 4th key LK2 representing a permission to carry out predetermined processing 
on predetermined information received from the 1st information processing apparatus are stored in advance. The 
encrypted 3rd key received from the 1st information processing apparatus is decrypted back into the 3rd key SK1 by 
using the 4th key LK2. As a result, an information processing system offering a high security of transmitted information 
can be implemented. 

On the top of that, according to a still further illustrative information processing apparatus, a still further illustrative 
information processing method and a still further illustrative recording medium provided by the present invention, a 1st
key LK, a 2nd key LK' and a predetermined function G are stored in advance. The 2nd key LK' is generated in advance
on the basis of the 1st key LK and the inverse function G^-1 of the predetermined function G. As a result, security of
transmitted information can be assured with a high degree of reliability.

Furthermore, according to a still further illustrative information processing apparatus, a still further illustrative
information processing method and a still further illustrative recording medium provided by the present invention, data
H is generated by application of a predetermined function to identification data assigned to and received from another 
information processing apparatus and a 1st key SVK. A 2nd key SK is then encrypted by using a pseudo random 
number pRNG (H) generated from the data H and transmitted to the other information processing apparatus. As a 
result, an information processing apparatus offering a high security of transmitted information can be implemented. 

In addition, with a still further illustrative information processing system, a still further illustrative information
processing method and a still further illustrative recording medium provided by the present invention, in the 1st
information processing apparatus, data H is generated by application of a 1st function h to identification data assigned to
and received from the 2nd information processing apparatus and a 1st key SVK. A 2nd key SK is encrypted by using
a pseudo random number pRNG (H) generated from the data H and transmitted to the 2nd information processing
apparatus. In the 2nd information processing apparatus, on the other hand, a 3rd key LK, a 4th key LK' and a
predetermined function G are stored in advance. The 4th key LK' is generated on the basis of the 3rd key LK and the inverse
function G^-1 of the predetermined function G. As a result, an information processing system offering a high security
of transmitted information can be implemented.



Claims 

1. A data transmitting apparatus wherein data is transmitted after predetermined processing based upon said apparatus'
own ID code and an ID code received from other equipment has been carried out, said apparatus comprising:

a signal receiving means for receiving a signal from a partner apparatus;

a signal transmitting means for transmitting a signal to a partner apparatus; and

a signal encrypting means for carrying out predetermined encryption on a signal to be transmitted

wherein said signal encrypting means examines information indicating a signal transmitting source received
from said signal receiving means and, if a signal is found already transmitted to said signal transmitting source
said signal is not transmitted again to said signal transmitting source.

2. A data transmitting apparatus according to claim 1 wherein:

said signal transmitting means transmits an ID requesting signal and an encrypted text;
said signal receiving means receives an ID; and

said signal encrypting means generates an encrypted text from a predetermined key

3. A data transmitting apparatus wherein data is transmitted after predetermined processing based upon said apparatus'
own ID code and an ID code received from other equipment has been carried out, said apparatus comprising:

a signal receiving means for receiving a signal from a partner apparatus;
a signal transmitting means for transmitting a signal to a partner apparatus; and
a signal encrypting means for carrying out predetermined encryption on a signal to be transmitted
wherein said signal encrypting means executes the steps of generating:

1st information by application of a predetermined function to information received from said signal receiving
means and information stored in advance;
a random number; and
an encrypted text.

4. A data transmitting apparatus wherein data is transmitted after predetermined processing based upon said apparatus'
own ID code and an ID code received from other equipment has been carried out, said apparatus comprising:

a signal receiving means for receiving a random number and an ID signal from a partner apparatus;
a signal transmitting means for transmitting an ID requesting signal and an encrypted text to a partner apparatus; and

a signal encrypting means for carrying out predetermined encryption on a signal to be transmitted
wherein said signal encrypting means executes the steps of generating:

1st information by application of a predetermined function to information received from said signal receiving
means and information stored in advance; and

an encrypted text from a random number received by said signal receiving means and said 1st information.

5. A data transmitting apparatus wherein data is transmitted after predetermined processing based upon said apparatus'
own ID code and an ID code received from other equipment has been carried out, said apparatus comprising:

a signal receiving means for receiving an ID signal from a partner apparatus;

a signal transmitting means for transmitting an ID requesting signal and an encrypted text to a partner apparatus; and

a signal encrypting means for carrying out predetermined encryption on a signal to be transmitted
wherein said signal encrypting means executes the steps of generating:

1st information by application of a predetermined function to ID information received from said signal receiving
means and information stored in advance;
time information; and

an encrypted text from said time information and said 1st information.

6. A data transmitting apparatus wherein data is transmitted after predetermined processing based upon said apparatus'
own ID code and an ID code received from other equipment has been carried out, said apparatus comprising:

a signal receiving means for receiving an ID signal and other signals from a partner apparatus;
a signal transmitting means for transmitting an ID requesting signal and an encrypted text to a partner apparatus; and

a signal encrypting means for carrying out predetermined encryption on a signal to be transmitted,
wherein said signal encrypting means executes the steps of:

generating 1st information by application of a predetermined function to ID information received from said
signal receiving means and information stored in advance;

generating a 1st random number;

generating a 1st encrypted text from said 1st information and said 1st random number;

obtaining 2nd information from said signal receiving means and restoring a 2nd random number included in
said 2nd information; and

comparing said 1st random number with said 2nd random number and generating a 2nd encrypted text only
if an outcome of comparison indicates a predetermined result.

7. A data transmitting apparatus wherein data is transmitted after predetermined processing based upon said apparatus'
own ID code and an ID code received from other equipment has been carried out, said apparatus comprising:

a signal receiving means for receiving an ID signal and other signals from a partner apparatus;
a signal transmitting means for transmitting an ID requesting signal and an encrypted text to a partner apparatus; and

a signal encrypting means for carrying out predetermined encryption on a signal to be transmitted,
wherein said signal encrypting means executes the steps of:

generating a 1st random number;

generating 2nd information by application of a predetermined function to said ID signal and information stored
in advance;

decrypting 1st information received from said partner using said 2nd information and restoring a 2nd random
number included in said 1st information; and

comparing said 1st random number with said 2nd random number and generating a 2nd encrypted text only
if an outcome of comparison indicates a predetermined result.



8. A data transmitting method whereby: 

data is transmitted after predetermined processing based upon an own ID code and an ID code received from
other equipment has been carried out; and

an authentication requesting signal from a partner apparatus is received and examined and, if information is
found already transmitted to said partner apparatus, said information is not encrypted and transmitted again
to said partner apparatus but, if said information has not been transmitted yet to said partner apparatus, said
information is encrypted and transmitted to said partner apparatus.

9. A data transmitting method according to claim 8 whereby an encrypted text is generated from information stored
in advance and received information.

10. A data transmitting method whereby data is transmitted after predetermined processing based upon an own ID
code and an ID code received from other equipment has been carried out, said method comprising the steps of:

transmitting an ID requesting signal;
receiving an ID;

generating 1st information by application of a predetermined function to said ID and information stored in advance;

generating a random number;

generating an encrypted text from said random number and said 1st information; and
transmitting said encrypted text.

11. A data transmitting method whereby data is transmitted after predetermined processing based upon an own ID 
code and an ID code received from other equipment has been carried out, said method comprising the steps of:

receiving a random number;
transmitting an ID requesting signal;
receiving an ID;

generating 1st information by application of a predetermined function to said ID and information stored in advance;

generating an encrypted text from said random number and said 1st information; and

transmitting said encrypted text.

transmitting an ID requesting signal;
receiving an ID;

generating 1st information by application of a predetermined function to said ID and information stored in advance;
generating time information;

generating an encrypted text from said time information and said 1st information; and
transmitting said encrypted text.

transmitting an ID requesting signal;
receiving an ID;

generating 1st information by application of a predetermined function to said ID and information stored in advance;
generating a 1st random number;

generating a 1st encrypted text from said 1st random number and said 1st information;
transmitting said 1st encrypted text;
receiving 2nd information;

restoring a 2nd random number from said 2nd information; and

comparing said 1st random number with said 2nd random number and generating a 2nd encrypted text only
if an outcome of comparison indicates a predetermined result.

transmitting an ID requesting signal;
receiving an ID;

generating a 1st random number;
transmitting said 1st random number;

receiving 1st information;

generating 2nd information by application of a predetermined function to said ID and information stored in advance;

decrypting said 1st information using said 2nd information and restoring a 2nd random number included in said
1st information; and

comparing said 1st random number with said 2nd random number and generating a 2nd encrypted text only
if an outcome of comparison indicates a predetermined result.

a signal receiving means for receiving a signal from a partner apparatus;

a text decrypting means for decrypting an encrypted text received by said signal receiving means; and






a signal transmitting means for transmitting a signal to a partner apparatus, 

wherein said signal transmitting means transmits an authentication requesting signal and an ID signal. 

16. A data receiving apparatus for decrypting data received from other equipment using said apparatus' own key and 
information also received from said other equipment, said apparatus comprising: 

a signal receiving means for receiving a signal from a partner apparatus; 

a text decrypting means for decrypting an encrypted text received by said signal receiving means; and

a signal transmitting means for transmitting a signal to a partner apparatus, 

wherein: 

said signal receiving means receives an ID requesting signal and an encrypted text; 

said signal decrypting means generates a random number, compares said generated random number with a 
random number included in said encrypted text received by said signal receiving means and generates a 
decrypted output only if a result of comparison satisfies a predetermined condition; and
said signal transmitting means transmits said generated random number. 

17. A data receiving apparatus for decrypting data received from other equipment using said apparatus' own key and 
information also received from said other equipment, said apparatus comprising: 

a signal receiving means for receiving a signal from a partner apparatus; 

a text decrypting means for decrypting an encrypted text received by said signal receiving means; and 

a signal transmitting means for transmitting a signal to a partner apparatus, 

wherein: 

said signal receiving means receives an ID requesting signal and an encrypted text; 

said signal decrypting means generates a random number, compares said generated random number with a 
random number included in said encrypted text received by said signal receiving means and generates a 
decrypted output only if a result of comparison satisfies a predetermined condition; and
said signal transmitting means transmits an ID. 

18. A data receiving apparatus for decrypting data received from other equipment using said apparatus' own key and 
information also received from said other equipment, said apparatus comprising: 

a signal receiving means for receiving a signal from a partner apparatus;

a text decrypting means for decrypting an encrypted text received by said signal receiving means; and

a signal transmitting means for transmitting a signal to a partner apparatus, 

wherein: 

said signal receiving means receives an ID requesting signal, a 1st encrypted text and a 3rd encrypted text;
said signal decrypting means: 

generates a random number and a 2nd encrypted text from said generated random number and said 1st 
encrypted text received by said signal receiving means; and

compares said generated random number with a random number included in said 3rd encrypted text received 
by said signal receiving means and generates a decrypted output only if a result of comparison satisfies a 
predetermined condition; and

said signal transmitting means transmits an ID and said 2nd encrypted text. 

19. A data receiving apparatus for decrypting data received from other equipment using said apparatus' own key and 
information also received from said other equipment, said apparatus comprising: 

a signal receiving means for receiving a signal from a partner apparatus; 

a text decrypting means for decrypting an encrypted text received by said signal receiving means; and

a signal transmitting means for transmitting a signal to a partner apparatus, 

wherein: 

said signal receiving means receives an ID requesting signal, a 1st random number and a 2nd encrypted text;
said signal decrypting means: 

generates a 2nd random number and a 1st encrypted text from said generated 2nd random number and said 
1st random number received by said signal receiving means; and 

compares said generated 2nd random number with a random number included in said 2nd encrypted text 
received by said signal receiving means and generates a decrypted output only if a result of comparison 
satisfies a predetermined condition; and

said signal transmitting means transmits an ID and said 1st encrypted text. 

20. A data receiving method for decrypting data received from other equipment using an own key and information also
received from said other equipment, said method comprising the steps of:

transmitting an authentication requesting signal;
receiving an ID requesting signal; 
transmitting an ID; 
receiving an encrypted text; and 
decrypting a received encrypted text. 

21. A data receiving method for decrypting data received from other equipment using an own key and information also
received from said other equipment, said method comprising the steps of:

generating a random number;
transmitting said random number;
receiving an ID requesting signal;
transmitting an ID;
receiving an encrypted text; and

comparing said generated random number with a random number included in said received encrypted text 
and generating a decrypted output only if a result of comparison satisfies a predetermined condition. 

22. A data receiving method for decrypting data received from other equipment using an own key and information also 
received from said other equipment, said method comprising the steps of: 

receiving an ID requesting signal;
transmitting an ID;
receiving an encrypted text; and

evaluating validity of time information included in said received encrypted text and 
generating a decrypted output only if a result of comparison satisfies a predetermined condition. 

23. A data receiving method for decrypting data received from other equipment using an own key and information also 
received from said other equipment, said method comprising the steps of: 

receiving an ID requesting signal;
transmitting an ID;
receiving a 1st encrypted text;
generating a 2nd random number;

generating a 2nd encrypted text from said generated 2nd random number and a 1st random number included
in said received 1st encrypted text;
transmitting said 2nd encrypted text;
receiving a 3rd encrypted text; and

evaluating said generated 2nd random number and a 3rd random number included in said received 3rd
encrypted text and

generating a decrypted output only if a result of evaluation satisfies a predetermined condition.

24. A data receiving method for decrypting data received from other equipment using an own key and information also 
received from said other equipment, said method comprising the steps of: 



receiving an ID requesting signal;
transmitting an ID;
receiving a 1st random number;
generating a 2nd random number;

generating a 1st encrypted text from said generated 2nd random number and said received 1st random number;

transmitting said 1st encrypted text;
receiving a 2nd encrypted text; and
evaluating said generated 2nd random number and a 3rd random number included in said received 2nd
encrypted text and

generating a decrypted output only if a result of evaluation satisfies a predetermined condition.

25. A recording medium for storing a program prescribing a data transmitting method whereby: 

data is transmitted after predetermined processing based upon an own ID code and an ID code received from 
other equipment has been carried out; and 

an authentication requesting signal from a partner apparatus is received and examined and, if information is
found already transmitted to said partner apparatus, said information is not encrypted and transmitted again 
to said partner apparatus but, if said information has not been transmitted yet to said partner apparatus, said 
information is encrypted and transmitted to said partner apparatus. 

26. A recording medium according to claim 25 wherein an encrypted text is generated from information stored in 
advance and received information. 



27. A recording medium for storing a program prescribing a data transmitting method whereby data is transmitted after 
predetermined processing based upon an own ID code and an ID code received from other equipment has been 
carried out, said method comprising the steps of:

transmitting an ID requesting signal;
receiving an ID;

generating 1st information by application of a predetermined function to said ID and information stored in advance

generating a random number;

generating an encrypted text from said random number and said 1st information; and
transmitting said encrypted text.



28. A recording medium for storing a program prescribing a data transmitting method whereby data is transmitted after
predetermined processing based upon an own ID code and an ID code received from other equipment has been
carried out, said method comprising the steps of:

receiving a random number;
transmitting an ID requesting signal;

receiving an ID;

generating 1st information by application of a predetermined function to said ID and information stored in
advance;

generating an encrypted text from said random number and said 1st information; and
transmitting said encrypted text.



29. A recording medium for storing a program prescribing a data transmitting method whereby data is transmitted after 
predetermined processing based upon an own ID code and an ID code received from other equipment has been 
carried out, said method comprising the steps of: 

transmitting an ID requesting signal;
receiving an ID;
generating 1st information by application of a predetermined function to said ID and information stored in advance;
generating time information;

generating an encrypted text from said time information and said 1st information; and
transmitting said encrypted text.

30. A recording medium for storing a program prescribing a data transmitting method whereby data is transmitted after 
predetermined processing based upon an own ID code and an ID code received from other equipment has been 
carried out, said method comprising the steps of: 

transmitting an ID requesting signal; 
receiving an ID; 
generating 1st information by application of a predetermined function to said ID and information stored in advance; 
generating a 1st random number; 
generating a 1st encrypted text from said 1st random number and said 1st information; 
transmitting said 1st encrypted text; 
receiving 2nd information; 
restoring a 2nd random number from said 2nd information; 
comparing said 1st random number with said 2nd random number; and 
generating a 2nd encrypted text only if an outcome of comparison indicates a predetermined result. 

31. A recording medium for storing a program prescribing a data transmitting method whereby data is transmitted after 
predetermined processing based upon an own ID code and an ID code received from other equipment has been 
carried out, said method comprising the steps of: 

transmitting an ID requesting signal; 
receiving an ID; 
generating a 1st random number; 
transmitting said 1st random number; 
receiving 1st information; 
generating 2nd information by application of a predetermined function to said ID and information stored in advance; 
?st SmaSn ° rma,i ° n ^ "* *" and 3 2nd ™ d °™ inc.uded 7n safd 
comparing said 1st random number with said 2nd random number; and 
generating a 2nd encrypted text only if an outcome of comparison indicates a predetermined result. 

32. A recording medium for storing a program prescribing a data receiving method for decrypting data received from 
other equipment using an own key and information also received from said other equipment, said method com- 
prising the steps of: 

transmitting an authentication requesting signal; 
receiving an ID requesting signal; 
transmitting an ID; 
receiving an encrypted text; and 
decrypting a received encrypted text. 

33. A recording medium for storing a program prescribing a data receiving method for decrypting data received from 
other equipment using an own key and information also received from said other equipment, said method com- 
prising the steps of: 

generating a random number; 
transmitting said random number; 
receiving an ID requesting signal; 
transmitting an ID; 
receiving an encrypted text; and 
comparing said generated random number with a random number included in said received encrypted text 
and generating a decrypted output only if a result of comparison satisfies a predetermined condition. 

34. A recording medium for storing a program prescribing a data receiving method for decrypting data received from 
other equipment using an own key and information also received from said other equipment, said method com- 
prising the steps of: 

receiving an ID requesting signal; 
transmitting an ID; 
receiving an encrypted text; and 
evaluating validity of time information included in said received encrypted text and generating a decrypted 
output only if a result of comparison satisfies a predetermined condition. 

35. A recording medium for storing a program prescribing a data receiving method for decrypting data received from 
other equipment using an own key and information also received from said other equipment, said method 
comprising the steps of: 

receiving an ID requesting signal; 
transmitting an ID; 
receiving a 1st encrypted text; 
generating a 2nd random number; 
generating a 2nd encrypted text from said generated 2nd random number and a 1st random number included 
in said received 1st encrypted text; 
transmitting said 2nd encrypted text; 
receiving a 3rd encrypted text; and 
evaluating said generated 2nd random number and a 3rd random number included in said received 3rd 
encrypted text and generating a decrypted output only if a result of evaluation satisfies a predetermined condition. 

36. A recording medium for storing a program prescribing a data receiving method for decrypting data received from 
other equipment using an own key and information also received from said other equipment, said method 
comprising the steps of: 

receiving an ID requesting signal; 
transmitting an ID; 
receiving a 1st random number; 
generating a 2nd random number; 
generating a 1st encrypted text from said generated 2nd random number and said received 1st random 
number; 
transmitting said 1st encrypted text; 
receiving a 2nd encrypted text; and 
evaluating said generated 2nd random number and a 3rd random number included in said received 2nd 
encrypted text and generating a decrypted output only if a result of evaluation satisfies a predetermined condition. 
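
The exchange recited in claims 30 (source side) and 35 (sink side), simulated end to end as an added illustration that is not part of the patent text. SHA-256 and the XOR pad are stand-ins for the unspecified "predetermined function" and cipher, the content of the source's 2nd encrypted text (the sink's random number echoed back) is an assumption, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def license_key(sink_id, service_key):
    # "1st information": a predetermined function of the ID and stored data.
    return hashlib.sha256(sink_id + service_key).digest()

def xcrypt(key, label, data):
    # Stand-in cipher (assumption): XOR with SHA-256(key || label), so the
    # same call encrypts and decrypts. Labels keep the three pads distinct.
    pad = hashlib.sha256(key + label).digest()
    if len(data) > len(pad):
        raise ValueError("message longer than one pad block")
    return bytes(a ^ b for a, b in zip(data, pad))

class Source:
    def __init__(self, service_key):
        self.service_key = service_key
    def on_id(self, sink_id):
        self.lk = license_key(sink_id, self.service_key)
        self.r1 = secrets.token_bytes(16)          # 1st random number
        return xcrypt(self.lk, b"m1", self.r1)     # 1st encrypted text
    def on_second_info(self, e2):
        plain = xcrypt(self.lk, b"m2", e2)
        if len(plain) != 32 or not hmac.compare_digest(plain[:16], self.r1):
            return None                            # comparison failed: send nothing
        return xcrypt(self.lk, b"m3", plain[16:])  # 2nd encrypted text

class Sink:
    def __init__(self, sink_id, stored_license_key):
        self.sink_id, self.lk = sink_id, stored_license_key
    def on_first_text(self, e1):
        r1 = xcrypt(self.lk, b"m1", e1)
        self.r2 = secrets.token_bytes(16)          # sink's own random number
        return xcrypt(self.lk, b"m2", r1 + self.r2)
    def on_third_text(self, e3):
        # Decrypted output is released only if the echoed number matches.
        return hmac.compare_digest(xcrypt(self.lk, b"m3", e3), self.r2)

def run_exchange(service_key, sink_id, sink_stored_key):
    source, sink = Source(service_key), Sink(sink_id, sink_stored_key)
    e1 = source.on_id(sink.sink_id)                # ID request / ID reply
    e3 = source.on_second_info(sink.on_first_text(e1))
    if e3 is None:
        return "source rejected sink"
    return "authenticated" if sink.on_third_text(e3) else "sink rejected source"
```

A sink whose stored key does not equal hash(ID || service_key) cannot echo the 1st random number, so the source stops before producing its 2nd encrypted text.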
Data transmitting (and receiving) apparatus and method. It 
has a receiving means for receiving a signal from a partner 
apparatus (sink), a signal transmitting means for 
transmitting a signal to a partner apparatus, and a signal 
encrypting means. If a signal is found to have already been 
transmitted to a sink, the signal is not transmitted to that 
sink again. It is aimed at preventing a non-authorized sink 
from retrieving a license key. 



2. Claims: 3 4 6 7 10 11 13 14 16-19 21 23 24 27 28 30 31 33 35 36 



Data transmitting and receiving apparatus (and method). It 
has a receiving means for receiving a signal from a partner 
apparatus (sink), a signal transmitting means for 
transmitting a signal to a partner apparatus, and a signal 
encrypting means. It calculates a function of information 
received from the partner apparatus and information stored. It 
generates a random number and an encrypted text. It concerns 
key scrambling and is aimed at preventing a non-authorized 
sink from knowing whether the session key has changed. 



3. Claims: 5 12 22 29 34 

Data transmitting and receiving apparatus (and method). It 
has a receiving means for receiving an ID signal from a 
partner apparatus (sink), a signal transmitting means for 
transmitting an ID requesting signal to a partner apparatus, 
and a signal encrypting means. It calculates a function of the ID 
received from the partner apparatus and information stored. It 
generates time information and an encrypted text from the time 
information and the function. It concerns a system to authenticate 
the source. 